Back to skill

Security audit

Language Learning 1.0.0

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only language tutoring skill, with broad English-centered teaching defaults but no code execution, hidden access, or unsafe authority.

Safe to install as a conversational language-learning helper. Treat its 'all languages' claim as aspirational, and avoid entering private messages or sensitive personal text if you do not want them repeated back in translations or practice examples.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence
92% confidence
Finding
The skill description is extremely broad and could cause the agent to invoke this skill for many generic requests involving translation, conversation, writing help, culture, or study assistance. Over-broad routing can lead to incorrect tool selection, unintended data exposure to the skill, and reduced enforcement of more specialized or safer skills.

Natural-Language Policy Violations

Medium
Confidence
95% confidence
Finding
Forcing English output without allowing user locale choice can cause the skill to disregard the user's language preferences and accessibility needs. In a multilingual tutoring context, this can mis-handle user intent, reveal assumptions about identity or proficiency, and reduce safety if important instructions are presented in a language the user does not understand well.

Natural-Language Policy Violations

Medium
Confidence
96% confidence
Finding
Assuming English as the user's native or reference language hard-codes a cultural and linguistic bias that can cause incorrect instruction delivery and misunderstanding. In an educational skill, this is dangerous because grammar explanations may become unusable or misleading for non-English-speaking users, undermining user control and reliability.

Natural-Language Policy Violations

Medium
Confidence
97% confidence
Finding
Requiring an English translation in every response forces output into a single language even when the user may prefer another support language or full immersion. This can break the expected tutoring mode, expose hidden assumptions, and cause the agent to ignore explicit user preferences, which is a real policy and UX safety issue in a language-learning system.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.