Founder Story Brand Narrative

Security checks across malware telemetry and agentic risk

Overview

The available evidence describes a writing-oriented skill with only routing and language-preference quality concerns, not hidden access or unsafe behavior.

Install this if you want help drafting founder or brand stories. Be aware it may activate on loosely related storytelling prompts and may prefer English unless you explicitly ask your agent to use another language.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Low

Confidence: 82% confidence
Finding: The eval file describes broad usage such as 'use whenever the user mentions founder story' but does not define clear activation boundaries or negative examples. In practice, this can cause the skill to be invoked in adjacent contexts where it is not appropriate, leading to over-broad routing, irrelevant outputs, or accidental handling of requests outside the intended narrative-writing scope.

Natural-Language Policy Violations

Medium

Confidence: 90% confidence
Finding: The prompts and expected outputs hard-require English responses without checking user preference or documenting a business need. This can override user language choice, reduce accessibility, and create unfair or degraded service for non-English users; in multilingual deployments, it may also cause policy and UX compliance issues.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal