Back to skill

Security audit

Error Message Improver

Security checks across malware telemetry and agentic risk

Overview

This is a text-only helper for improving error messages, with no executable code or credential access, though its trigger wording is broader than ideal.

This skill appears safe to install for drafting and improving error messages. Be aware that its broad implicit triggers may make it show up during general debugging or support requests, so use the explicit skill name when you want it and ignore it when the task is unrelated.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (10)

Vague Triggers

Medium
Confidence
90% confidence
Finding
The trigger phrases are broad natural-language requests such as 'Help me' and 'I need a practical workflow', which can overlap with ordinary user prompts and cause the skill to activate unintentionally. In a skill-routing system, this can lead to incorrect invocation, prompt hijacking of unrelated requests, or unnecessary exposure of the skill's instructions in contexts where the user did not explicitly opt in.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger phrases are broad enough to match many ordinary support or productivity requests, which can cause the skill to activate outside its intended scope. Over-broad activation increases the chance of prompt hijacking at the orchestration layer, unintended disclosure of internal guidance, or the model being steered into workflows the user did not explicitly request.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The skill description is framed broadly enough to match many ordinary productivity, debugging, support, and implementation requests, which can cause the agent to invoke this skill outside its intended niche. Over-broad routing is a real security and reliability issue because it can overshadow more appropriate skills, widen the attack surface for prompt-based influence, and lead to unsafe or low-context behavior in unrelated tasks.

Vague Triggers

Medium
Confidence
96% confidence
Finding
The trigger keywords include highly generic terms such as debugging, support, troubleshooting, and user feedback, which are common across many unrelated requests. This makes accidental or excessive activation likely, increasing the chance that the skill is selected in contexts it was not designed to handle and creating opportunities for misrouting or instruction interference.

Vague Triggers

Low
Confidence
89% confidence
Finding
The example trigger phrases are written in broad everyday language and do not constrain the request to error-message improvement work. In practice, examples strongly shape invocation behavior, so vague examples can normalize over-selection of the skill for loosely related tasks and reduce routing precision.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The skill description and usage scope are broad enough to match very common support and productivity requests, which increases the chance of unintended invocation. When a skill is auto-selected too often, it can override more appropriate, narrower skills and cause incorrect workflow guidance or misleading outputs in unrelated contexts.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The keyword list uses generic terms such as debugging, support, and troubleshooting without scope boundaries or negative examples, creating ambiguous trigger behavior. This can cause the skill to activate on a wide range of unrelated tasks, degrading routing reliability and potentially surfacing inappropriate instructions or artifacts.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The default prompt is broadly phrased and can cause the skill to be invoked in situations that are only loosely related to error-message improvement. That increases the chance of unintended activation, which can lead to irrelevant guidance, accidental overreach into adjacent tasks, or misuse of the skill outside its intended scope.

Vague Triggers

High
Confidence
96% confidence
Finding
The trigger sentence is phrased with broad everyday language ('Help me', 'I need') that can match a wide range of unrelated requests and cause the skill to activate outside its intended scope. Overbroad invocation increases the chance of prompt-routing mistakes, where users seeking general assistance are steered into this skill and receive misleading or inapplicable outputs.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The invocation description does not define clear boundaries for when the skill should and should not run, so the router may invoke it for loosely related productivity or support requests. In an agent environment, ambiguous scope can lead to inappropriate tool selection, user confusion, and accidental processing of requests better handled by safer or more specialized skills.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.