Back to skill

Security audit

Work Productivity Weather Current Workflow Helper

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only workflow helper with overly broad activation wording but no code, persistence, credential access, or hidden data movement.

Install only if you want a generic workflow/checklist helper for Weather-style skill work. Be aware it may activate on unrelated prompts containing common words like api, key, or bug fix; explicit invocation or narrower triggers would be preferable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (12)

Vague Triggers

Medium
Confidence
93% confidence
Finding
The trigger sentence is broad and natural-language-like enough to match ordinary user requests, which can cause the skill to activate unintentionally. In an agent environment, accidental invocation can route tasks into the wrong workflow, leading to irrelevant actions, confused execution, or unsafe handling of user intent.

Vague Triggers

Medium
Confidence
95% confidence
Finding
The invocation guidance is ambiguous because it mixes generic productivity, weather, API, checklist, and implementation terms without strong boundaries for when the skill should or should not run. This increases the chance of over-triggering on unrelated prompts, which can misdirect an agent, interfere with more appropriate skills, and degrade reliability or safety controls.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The trigger phrases are extremely broad and include common terms like 'weather', 'api', 'key', and 'users', which increases the chance of unintended activation in unrelated conversations. In an agent ecosystem, accidental invocation can route user requests into the wrong workflow, causing incorrect actions, confusion, or unsafe downstream behavior if the skill influences execution or recommendations.

Vague Triggers

High
Confidence
97% confidence
Finding
The manifest description uses expansive terms like "use when a user asks for" followed by broad categories such as "workflow," "analysis," and "implementation support," which can cause the skill to activate on many ordinary requests outside its intended scope. Over-broad routing increases the chance that this skill intercepts unrelated prompts, creating prompt-selection confusion and potentially suppressing more appropriate or safer skills.

Vague Triggers

High
Confidence
99% confidence
Finding
The trigger keyword list includes highly generic terms such as "api," "key," "required," "users," and "bug fix," which are common across many unrelated conversations. This makes accidental invocation very likely and can be abused for skill squatting behavior, where the skill captures broad traffic it was not designed to handle.

Vague Triggers

Medium
Confidence
95% confidence
Finding
The example trigger sentences are open-ended and use broad phrasing like "Help me" and "I need a practical workflow," offering little constraint on when the skill should apply. Such examples teach invocation systems and users that ordinary requests are sufficient, reinforcing over-selection and increasing the probability of unintended routing.

Vague Triggers

High
Confidence
96% confidence
Finding
The trigger keywords are overly broad and overlap heavily with common technical and everyday terms such as 'weather', 'current', 'api', 'key', and 'users'. This can cause the skill to activate in unrelated conversations, leading to unintended routing, prompt-context pollution, or inappropriate delegation that degrades safety and reliability.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The skill description defines invocation conditions vaguely, saying it should be used for broad categories like work-productivity, weather, current, forecasts, and API-related needs without clear boundaries. Ambiguous activation criteria increase the chance that the orchestrator will select this skill for unrelated requests, which can mis-handle user intent and expose downstream workflows to unnecessary prompt injection surface.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The example trigger phrases begin with generic formulations like 'Help me' and 'I need a practical workflow', but do not include counterexamples showing non-matching cases. In systems that learn or match from examples, these broad examples can bias invocation toward accidental triggering on ordinary support requests.

Vague Triggers

Medium
Confidence
94% confidence
Finding
The default prompt uses a very broad implicit invocation phrase tied to common terms like 'work', 'productivity', 'weather', 'current', 'workflow', and 'help me'. Because implicit invocation is enabled, unrelated user conversations can accidentally trigger this skill, causing prompt hijacking of normal requests and unintended insertion of the skill’s behavior. In this context, the skill is framed as a general helper for many common tasks, which increases the chance of over-triggering rather than constraining activation to a narrow domain.

Vague Triggers

High
Confidence
92% confidence
Finding
The trigger sentence begins with a very broad everyday phrase ('Help me') and then appends a long requirement description, which makes activation criteria overly permissive and likely to match unrelated user requests. In an agent skill-routing context, this can cause accidental invocation, misrouting, and unintended exposure of the skill's behavior in contexts where the user did not actually ask for this capability.

Vague Triggers

Medium
Confidence
88% confidence
Finding
Although the sentence adds more text, it remains ambiguous because it still uses a generic request form ('I need a practical workflow for ...') followed by requirement boilerplate rather than a clear user intent signature. This increases the chance that ordinary planning or workflow questions unrelated to weather/current workflows will spuriously activate the skill.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.