PizzINT Monitor

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed PizzINT reporting helper that fetches a public website and formats speculative OSINT-style signals, with no evidence of hidden access, persistence, credential use, or destructive behavior.

Install this only if you want an agent to inspect or summarize pizzint.watch. Treat the reports as speculative OSINT, not as authoritative military, political, financial, or safety advice, and be aware that broad geopolitical prompts may trigger this skill unless activation is narrowed.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The trigger list includes broad terms such as “军事情报” and “地缘紧张,” which can match many unrelated user requests and cause the skill to activate outside its intended narrow PizzINT use case. Overbroad activation increases the chance that users receive speculative geopolitical reporting when they did not ask for it, creating routing confusion and potentially amplifying misleading or sensitive content.

Natural-Language Policy Violations

Medium

Confidence: 82% confidence
Finding: The skill content is written entirely in Chinese and implicitly expects Chinese output, but it does not offer any language negotiation or fallback based on the user's language. This can cause incorrect or inaccessible responses for non-Chinese-speaking users and may lead to misunderstanding in a domain involving geopolitical threat interpretation.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal