Brainhole Factory

Security checks across malware telemetry and agentic risk

Overview

This is a creative writing skill for fictional parallel-universe scenarios. The only concern is usability: its activation rule is broad.

Safe to install for entertainment use. Be aware that everyday “if/what if” questions may be turned into fictional parallel-universe content, so use explicit wording or disable the skill when you need factual, safety-sensitive, or practical analysis.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium (93% confidence)
Finding
The description and trigger keywords are broad enough to match ordinary conversation such as casual 'if' or 'what if' phrasing, which can cause unintended invocation of the skill. In an agent setting, this can override user intent, inject a rigid output format, and degrade reliability by activating on unrelated requests.

Vague Triggers

Medium (95% confidence)
Finding
The catch-all rule stating that any request containing terms like '假如', '如果', 'what if', '脑洞', or '平行宇宙' should trigger the skill is ambiguous and overly expansive. Because those phrases are common in normal problem-solving and harmless discussion, the agent may route many unrelated prompts into this entertainment workflow, causing prompt hijacking of user intent and unsafe over-application of the skill.

VirusTotal

66/66 vendors flagged this skill as clean.
