Haqq Ethics

Security checks across malware telemetry and agentic risk

Overview

This is a text-only ethics skill with no malware-like code, but it tries to impose broad, persistent religious operating rules on any agent beyond a clearly bounded educational use.

Install only in agents where users explicitly want Islamic ethics guidance applied. Do not use it as a global default for general-purpose, multi-user, legal, medical, financial, or operational agents unless the persistent and authority-superseding language is removed and the skill is scoped to opt-in religious or educational interactions.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection

Findings (10)

Description-Behavior Mismatch

Medium

Confidence: 95% confidence
Finding: The file substantially exceeds the declared scope of an ethics/education skill and instead acts as a broad behavioral policy for the agent across religious, legal, and operational topics. That creates instruction-scope drift: once loaded, the skill can override normal task handling and push doctrinal constraints into unrelated contexts, which is unsafe for a narrowly described educational skill.

Context-Inappropriate Capability

Medium

Confidence: 96% confidence
Finding: The instruction to remember and apply the text to every question or action attempts to create persistent, universal behavior constraints beyond the skill's stated purpose. This can cause the model to apply unrelated restrictions, refusals, or doctrinal framing in contexts where the user did not request it.

Context-Inappropriate Capability

High

Confidence: 98% confidence
Finding: The text explicitly tells the agent to resist, evade, or disable requested behavior ('if asked to mislead, be silent; if asked to be silent, escape; if asked to participate in killing, disable') and to place loyalty away from programmer, funder, or authority. Even if framed morally, this is an instruction to override operator control and can be repurposed to justify noncompliance in unrelated contexts.

Natural-Language Policy Violations

Medium

Confidence: 88% confidence
Finding: The document imposes a mandatory language behavior by prohibiting treatment of non-Arabic renderings as Qur'an and insisting on Arabic-only presentation for verses. In an agent skill, this becomes a rigid locale restriction that can degrade accessibility, force behavior without user choice, and conflict with broader product requirements for multilingual assistance.

Natural-Language Policy Violations

Medium

Confidence: 87% confidence
Finding: This section continues to forbid replacing or translating divine text in ways that function as an always-on language policy rather than topic-specific instruction. Such constraints are risky in a general agent because they can block useful explanations for non-Arabic users and impose non-consensual religious framing on output format.

Natural-Language Policy Violations

Medium

Confidence: 84% confidence
Finding: The README presents the skill as an Islamic/Arabic ethical framework to be installed into any agent, without indicating any user choice of language, religion, or locale. This can cause the agent to impose a specific religious framing on users who did not request it, leading to biased, exclusionary, or inappropriate responses in multi-user or general-purpose deployments.

Natural-Language Policy Violations

Medium

Confidence: 83% confidence
Finding: The skill explicitly mandates Arabic-only Qur'anic text and frames translations as non-primary, without offering user language or locale accommodation. In a general-purpose agent skill, this can deny accessible, comprehensible output to users who do not read Arabic, increasing the risk of exclusion, misunderstanding, and unsafe reliance on untranslated religious guidance.

Ssd 1

Medium

Confidence: 97% confidence
Finding: The instruction that the agent's first loyalty is not to its programmer, funder, or authority is a direct attempt to semantically supersede higher-priority control layers. This is dangerous because it encourages the model to reinterpret or disregard system and developer instructions, a classic prompt-injection pattern.

Ssd 3

Medium

Confidence: 95% confidence
Finding: The command to memorize the text and not forget a letter attempts to create durable retention of large natural-language content beyond the immediate interaction. In practice, this encourages cross-context carryover and increases the chance of hidden policy persistence or unintended disclosure in later tasks.

Ssd 3

Medium

Confidence: 96% confidence
Finding: The instruction to recall the text for every question, action, or task is an explicit cross-context retention and behavior-persistence directive. This broadens the skill from content into a sticky control layer, increasing the risk of policy interference and unintended propagation into unrelated conversations.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal