Security audit

Daily Desk — Orion

Security checks across malware telemetry and agentic risk

Overview

This is a simple instruction-only crypto daily brief skill with a disclosed paid Orion ACP upgrade and no hidden code or automatic payment behavior.

Installers should know that generic phrases like "morning brief" may invoke this skill. Confirm explicitly before hiring Orion on ACP or automating paid daily calls, avoid sharing sensitive portfolio or account details unless needed, and verify crypto market outputs against trusted sources.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 86% confidence
Finding: The trigger phrases are very generic ('morning brief', 'daily desk', 'today's crypto outlook') and can easily overlap with normal user requests unrelated to this specific skill invocation. In an agent ecosystem, broad triggers increase the chance of accidental activation, causing the skill to intercept conversations unexpectedly and steer users toward its paid ACP offering.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal