Signal vs Noise

Security checks across malware telemetry and agentic risk

Overview

This is a low-risk instruction-only skill for filtering and ranking user-provided information, with only a mild risk of broad auto-activation.

This appears safe to install as a filtering aid. Because it summarizes and ranks supplied content, avoid feeding it sensitive private message dumps, secrets, or identifiers unless you are comfortable with those details being reflected in evidence pointers or summaries.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 94% confidence
Finding: The trigger list contains multiple generic phrases such as 'summarize messages', 'what matters most', and 'reduce noise' that are likely to match ordinary user requests outside the intended skill scope. Overly broad activation can cause the wrong skill to run, leading to unintended data processing, context capture, or suppression/reframing of important information when a user did not explicitly request this behavior.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal