Back to skill

Security audit

Error Message Improver

Security checks across malware telemetry and agentic risk

Overview

This is a text-only helper for improving error messages, with some overly broad activation wording but no executable, credential, persistence, or data-access behavior.

Install if you want a lightweight workflow for rewriting or designing clearer error messages. Be aware that because it allows implicit invocation and uses broad trigger terms, your agent may apply it to general debugging or support requests unless you explicitly choose a more specific skill.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (10)

Vague Triggers

Medium
Confidence
90% confidence
Finding
The trigger phrases are broad and natural-language-like, making it easy for the skill to activate on ordinary support or debugging requests beyond a narrowly scoped intent. Over-broad activation can cause inappropriate routing, unexpected instruction injection into unrelated conversations, or accidental invocation in contexts where the user did not intend to use this skill.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The trigger phrases are very broad and map to common requests such as productivity, debugging, support, and user feedback. This can cause the skill to activate outside its intended scope, increasing the chance of inappropriate routing, prompt shadowing of more specific skills, or unintended exposure of the skill’s workflow in unrelated contexts.

Vague Triggers

Medium
Confidence
94% confidence
Finding
The skill description is broad enough to match many ordinary support, debugging, or productivity requests, which can cause the agent to invoke this skill outside a narrowly intended context. Over-broad activation increases prompt-scope risk because a generic skill may intercept unrelated tasks and influence behavior or outputs in ways the user did not explicitly request.

Vague Triggers

Medium
Confidence
96% confidence
Finding
The trigger keywords are highly generic terms like debugging, support, and user feedback, which are common across many unrelated conversations. This raises the likelihood of accidental invocation and inappropriate tool selection, reducing isolation between skills and making routing easier to manipulate through normal language.

Vague Triggers

Medium
Confidence
95% confidence
Finding
The example trigger phrases use broad everyday wording and effectively encourage invocation for normal conversational requests. Because these examples can strongly shape routing behavior, they increase the chance that the skill is selected for tasks beyond error-message improvement, potentially overriding more appropriate specialized skills.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The skill description and usage scope are broad enough to overlap with many ordinary support, debugging, and productivity requests, which can cause the skill to trigger when the user did not explicitly want this specialized workflow. Mis-triggering is dangerous because it can override normal conversational handling, introduce irrelevant process constraints, and steer users into unintended guidance or artifacts.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The keyword list contains highly generic terms like 'debugging', 'support', and 'user feedback', which are common across many unrelated tasks. This increases the chance of accidental activation and prompt-routing errors, potentially causing the agent to apply the wrong skill and produce misleading or over-scoped outputs.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The skill enables allow_implicit_invocation without any visible trigger constraints, exclusions, or scoping controls. That can cause the agent to auto-select this skill in broader contexts than intended, potentially injecting workflow guidance or transformations into unrelated user interactions and increasing the attack surface for prompt-routing abuse or unintended data handling.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The trigger sentence is broad enough to match ordinary user phrasing such as generic requests for help or workflows, which can cause the skill to activate outside its intended scope. In an agent system, over-broad routing can misdirect requests, override more appropriate skills, and expose users to irrelevant or lower-quality actions at scale.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The trigger section lacks precise boundaries for when this skill should and should not be selected, making it easy for a router or agent to invoke it for vague work-productivity or support requests unrelated to error-message improvement. This increases the chance of prompt/skill misselection, causing confusion, lost context, and potentially unsafe delegation if the wrong skill handles sensitive debugging or support tasks.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.