meitu

Security checks across malware telemetry and agentic risk

Overview

This is a guidance-only elder-care skill with no code or permissions, though its wording is somewhat generic and users should verify any service details independently.

Use this skill as general planning guidance only. Before choosing elder-care services, independently confirm provider qualifications, insurance coverage, prices, ratings, reservation availability, and any discounts through official or trusted local sources.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (2)

Description-Behavior Mismatch

Medium

Confidence: 95% confidence
Finding: The skill metadata says it helps with elderly-care topics such as home adaptation, nursing home selection, and community canteen guidance, but the body describes generic home-service booking filters and fulfillment details. This scope drift can cause the agent to invoke the skill for unrelated household services, leading to misleading outputs and unsafe recommendations in a sensitive elderly-care context.

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The trigger examples are broad, generic help-seeking phrases that could match many unrelated user requests. Overbroad invocation patterns increase the chance of accidental routing, causing the skill to answer outside its intended domain and potentially provide incorrect or unsafe guidance for elderly users seeking assistance.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal