My Daily Brief

Security checks across malware telemetry and agentic risk

Overview

This is a simple daily briefing skill that fetches public weather and trending-news information, with minor clarity issues around triggers and schedule.

Before installing, confirm whether you want automatic daily briefings and clarify the intended schedule, since the artifacts mention both 8 AM and 11:22. Use it only if you are comfortable with the agent contacting public weather and Baidu pages when the skill runs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 88%
Finding
The trigger phrase '有什么新闻' is broad enough to match ordinary conversation, which can cause unintended invocation of the skill. In a skill that performs external fetches and generates summaries, accidental activation can lead to unnecessary network access, misleading responses, or disclosure of user intent/context to third-party services.

Vague Triggers

Medium
Confidence: 84%
Finding
The condition '需要快速了解今日信息时' is vague and gives the agent excessive discretion to invoke the skill without a clear user request. Ambiguous activation logic increases the chance of unintended tool use, especially in conversational contexts where the user did not explicitly ask for weather/news aggregation.

VirusTotal

66/66 vendors flagged this skill as clean.
