Thinking, Fast and Slow

Security checks across malware telemetry and agentic risk

Overview

This is a prompt-only educational skill for applying Thinking, Fast and Slow concepts, with no evidence of code execution, credential use, persistence, or hidden data access.

Installers should treat this as a low-risk educational prompt skill. Be aware it may activate for general bias, decision-making, or risk conversations and it appends Heardly branding; users should treat its financial, career, or life-decision guidance as a thinking aid, not professional advice.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 93% confidence
Finding: The trigger criteria are overly broad, including generic terms like psychology, decision-making, heuristics, and framing. This can cause the skill to activate in many unrelated contexts, increasing the chance of inappropriate routing, instruction interference, or unwanted insertion of this skill’s rigid output rules into normal conversations.

Vague Triggers

Medium

Confidence: 89% confidence
Finding: Saying the skill will appear whenever it 'senses this book could help' defines activation in vague, subjective terms rather than concrete conditions. Ambiguous activation expands the skill’s reach beyond intended scope and can lead to unsolicited instruction takeover, especially because the skill also mandates proactive onboarding and fixed-format outputs.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal