Language Coach

Security checks across malware telemetry and agentic risk

Overview

This appears to be a low-risk language review skill, with only a minor chance of activating on broad wording.

Reasonable to install if you want language-checking help. Be aware it may activate from general phrases like asking to check or review language, so disable or narrow triggers if you only want explicit invocations.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 95% confidence
Finding: The alternative trigger phrases are broad enough to match ordinary user conversation, which can cause the skill to activate when the user did not explicitly intend a language-checking action. That creates prompt-scope confusion and may lead to unwanted processing or transformation of user text, especially in mixed-purpose chats where the user is discussing language rather than requesting correction.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal