Security audit

Error Message Improver

Security checks across malware telemetry and agentic risk

Overview

This is a text-only skill for improving error messages, with some overly broad auto-invocation wording but no hidden execution, data access, persistence, or exfiltration behavior.

Safe to install for rewriting error text, API errors, CLI messages, and support macros. Be aware it may be invoked too broadly for general debugging or support prompts; avoid pasting secrets in logs, and prefer explicit use when you want error-message copy improved.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (6)

Vague Triggers

Medium

Confidence: 93% confidence
Finding: The skill description is broad enough to match many ordinary requests involving debugging, validation, documentation, review, or workflow support, which can cause the agent to invoke this skill outside its narrow purpose. Over-broad routing increases the chance of misclassification, prompt shadowing, or accidental interception of sensitive troubleshooting tasks where a more specialized or security-aware skill should handle the request.

Vague Triggers

Medium

Confidence: 95% confidence
Finding: The trigger keywords are highly generic terms like 'debugging,' 'support,' and 'validation,' which are common across many unrelated tasks and lack guardrails. This can lead to inappropriate auto-selection of the skill, diverting requests into error-message rewriting when the user actually needs security review, root-cause analysis, or broader technical assistance.

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The skill description includes broad trigger terms such as error messages, debugging, support, validation, and user feedback without clear scope boundaries. This can cause the skill to activate for general development or support conversations beyond its intended use, increasing the chance of inappropriate guidance, context confusion, or unintended data exposure during unrelated workflows.

Vague Triggers

Medium

Confidence: 95% confidence
Finding: The trigger-word list consists of generic keywords with no qualifiers, negative examples, or disambiguation rules. Overly broad keyword matching can make the skill fire on routine support or troubleshooting prompts where the user did not ask for message rewriting, creating misrouting and potentially causing unsafe or irrelevant outputs in the wrong context.

Vague Triggers

Medium

Confidence: 93% confidence
Finding: The skill enables implicit invocation without any narrowly scoped activation constraint, which allows the agent to trigger it automatically based on broad user context. Because this skill rewrites error messages and may be invoked during debugging, support, validation, or workflow discussions, overbroad automatic activation can cause unintended handling of sensitive operational data or let the skill influence responses in situations where it was not explicitly requested.

Vague Triggers

High

Confidence: 95% confidence
Finding: The trigger sentence is written so broadly and awkwardly that it can match ordinary user requests about help, workflows, or support rather than a narrowly scoped invocation of this specific skill. In an agent-routing system, this increases the chance of unintended activation, causing the model to follow the skill’s rewrite workflow in contexts where the user did not explicitly request it, which can misroute tasks and override more appropriate handling.

VirusTotal

61/61 vendors flagged this skill as clean.

View on VirusTotal