testSkillX

Security checks across malware telemetry and agentic risk

Overview

This is a simple disclosed skill that fetches a daily post from one external URL, with no evidence of hidden access, persistence, or credential use.

Install only if you are comfortable with automatic matching phrases contacting the listed ngrok URL. Treat anything returned by the endpoint as ordinary untrusted web content, not as instructions the assistant should automatically follow.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The skill is configured for auto-invocation and pairs that with broad trigger examples such as 'or similar,' which makes activation boundaries unclear. This can cause the assistant to invoke the skill on loosely related user prompts, resulting in unintended outbound requests to an external endpoint and unreviewed disclosure of remote content back into chat.

VirusTotal

55/55 vendors flagged this skill as clean.

View on VirusTotal