Housing Dispute Help Planner

Security checks across malware telemetry and agentic risk

Overview

This skill appears to provide housing-dispute help, but its activation rules and evidence claims are too broad and poorly supported for a sensitive advice workflow.

Review before installing. Use it only if you specifically want Hello Landing or furnished-apartment dispute assistance, and do not treat its output as legal advice. The publisher should narrow triggers to explicit housing-dispute phrases and replace unrelated validation links with directly relevant sources.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (12)

Intent-Code Divergence

Medium

Confidence: 98% confidence
Finding: The README claims validated demand for a housing-dispute assistance skill, but the cited evidence is largely unrelated programming and system-administration content. This is dangerous because it misrepresents provenance and validation, which can mislead users or downstream systems into trusting, surfacing, or auto-invoking a skill for sensitive housing-dispute guidance without genuine supporting evidence.

Intent-Code Divergence

Medium

Confidence: 98% confidence
Finding: The README asserts that the skill is validated by supporting evidence for a housing-dispute use case, but most cited links are unrelated programming or computer-use discussions. This is dangerous because it misrepresents provenance and trustworthiness, potentially causing users or downstream systems to rely on a skill that has not actually been validated for the stated domain.

Description-Behavior Mismatch

High

Confidence: 98% confidence
Finding: The cited evidence largely consists of unrelated Stack Overflow, Software Engineering, and Superuser posts that do not substantiate the claimed housing-dispute requirement. This creates a deceptive provenance trail that can cause the skill to be selected or trusted under false pretenses, increasing the chance of misrouting users and generating unreliable dispute guidance in a sensitive real-world context.

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The trigger phrases use broad, natural-language wording tied to common terms like 'help,' 'hello,' 'landing,' and 'dispute,' which can cause accidental or overly broad activation. In a skill that may influence advice around housing disputes, this increases the chance of unintended invocation, context confusion, and delivery of irrelevant or sensitive guidance in the wrong conversation.

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The trigger phrases use very broad everyday terms such as 'help', 'hello', and 'general-help', which can cause the skill to activate in unrelated conversations. Unintended activation is risky because it can inject incorrect domain-specific guidance into benign contexts and reduce user control over which skill is being invoked.

Vague Triggers

High

Confidence: 94% confidence
Finding: The trigger keywords are extremely broad (`general-help`, `hello`, `dispute`, `apartments`) and are likely to match many ordinary user requests unrelated to this specific skill. This can cause unintended skill activation, routing the conversation into housing-dispute guidance when the user meant something else, which is a security and safety concern because overly eager activation expands the attack surface for prompt injection and incorrect task handling.

Vague Triggers

High

Confidence: 91% confidence
Finding: The invocation description says to use the skill when a user asks for broad categories like `general-help` or mentions terms such as `hello`, `landing`, or `dispute`, without clearly requiring the specific Hello Landing housing-dispute context. Ambiguous activation conditions increase the likelihood of accidental invocation and mis-scoped assistance, which can misroute user data and make downstream safety controls less reliable.

Vague Triggers

Medium

Confidence: 95% confidence
Finding: The trigger list includes very broad everyday terms such as "hello," which can cause the skill to activate in unrelated conversations. In an agent environment, overbroad activation can route users into dispute-handling guidance they did not request, increasing the chance of unintended actions, confusion, or disclosure of sensitive housing-dispute details in the wrong context.

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The default prompt uses very broad language ('help me' and a wide topic description) that does not define clear activation boundaries. In combination with skill routing, this can cause the skill to be invoked for loosely related requests, increasing the chance of unintended handling of sensitive housing-dispute conversations or prompt-selection abuse.

Vague Triggers

Medium

Confidence: 94% confidence
Finding: Enabling implicit invocation without defined activation constraints allows the platform to auto-select this skill based on broad semantic similarity rather than explicit user intent. Given the topic involves legal/housing disputes, unintended invocation could lead to inappropriate guidance, privacy issues, or user confusion in contexts where this skill was not actually requested.

Vague Triggers

High

Confidence: 95% confidence
Finding: The trigger sentence 'Help me People repeatedly need a practical, repeatable way...' is so broad and unnatural that it can match generic user help requests rather than a specific housing-dispute scenario. Overbroad activation can invoke the wrong skill in unrelated contexts, leading to confusing, inaccurate, or unsafe assistance where users expect domain-appropriate support.

Vague Triggers

Medium

Confidence: 94% confidence
Finding: The trigger scope mixes broad keywords like 'general-help', 'hello', and 'dispute' without clear boundaries or exclusion criteria, making accidental activation likely. In a user-assistance system, ambiguous routing is dangerous because it can silently substitute a specialized dispute workflow where a general response or another domain skill would be more appropriate.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal