Back to skill

Security audit

World Cup Prophet

Security checks across malware telemetry and agentic risk

Overview

This appears to be a sports information skill with routing and language-quality issues, not a security threat.

Installers should expect a World Cup-focused assistant that may answer some generic sports queries and may produce Chinese text in at least one response path. Review the skill wording if you need strict routing or multilingual behavior, but the supplied evidence does not show hidden access, persistence, destructive actions, or data theft.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
94% confidence
Finding
The trigger phrases are broad enough to match generic terms like "schedule," "scores," or "champion," which can cause the skill to activate outside a clearly soccer-specific context. In an agent environment, this can misroute unrelated user requests into this skill, leading to incorrect tool use, user confusion, and accidental exposure of skill-specific behaviors when another capability should have handled the request.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The routing rules rely on ambiguous conditions such as mentions of two team names or generic words like "matches" and "results" without enforcing tournament scope. This makes it easy for unrelated sports, historical discussions, or even non-sports contexts containing similar terms to invoke the wrong workflow, causing erroneous API calls and unreliable responses.

Natural-Language Policy Violations

Medium
Confidence
88% confidence
Finding
The skill hard-codes Chinese-language output and explicitly instructs downstream behavior in Chinese without checking the user's preferred language. This can override user expectations or system localization behavior, causing misleading or inaccessible responses, though it is not a code-execution or data-exfiltration issue.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.