Insight Song

Security checks across malware telemetry and agentic risk

Overview

This is a creative, instruction-only songwriting skill that uses the active conversation as source material and does not include code, external calls, file access, or persistence.

Install only if you are comfortable with the skill turning the current chat into lyrics. Avoid using it in conversations containing confidential technical, business, or personal details unless you review and sanitize the generated song before sharing it or pasting it into Suno.ai.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Natural-Language Policy Violations

Medium

Confidence: 90% confidence
Finding: The skill mixes Japanese-only trigger wording ("明示呼出") into otherwise English documentation without clear opt-in or fallback behavior. This can cause unintended invocation behavior or user confusion in multilingual environments, especially if an orchestrator interprets locale-specific cues inconsistently.

Vague Triggers

Medium

Confidence: 87% confidence
Finding: The trigger condition includes "when deep technical insight emerges," which is subjective and overly broad for an auto-invocable skill. Ambiguous activation criteria can cause the agent to invoke the skill on unrelated sensitive conversations, increasing the chance of unintended transformation or disclosure of conversational content.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal