Academic Geographer

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only geography assistant with no code execution, credential access, network use, or install-time behavior.

Safe to install as a Chinese-language geography/worldbuilding helper. Users who do not read Chinese should confirm they can understand its responses and should not rely on it alone for real-world safety, infrastructure, legal, or environmental decisions.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Natural-Language Policy Violations

Medium

Confidence: 96% confidence
Finding: The skill content is entirely written to operate in Chinese and does not offer the user a language choice or fallback, which can override user expectations and reduce transparency about how the agent will respond. While this is not a classic security exploit, it is a real policy/interaction vulnerability because forced language behavior can impair comprehension, informed consent, and safe use, especially if users cannot accurately evaluate outputs or warnings.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal