Quiz Battle

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward quiz game and does not show hidden data access, persistence, or unsafe behavior.

Safe to install for a Russian-language chat quiz. Before using it, confirm that quiz messages will be sent only to the intended conversation or channel, especially where the message tool can target Telegram users.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The activation guidance is broad enough to match common requests like 'play a quiz' or 'test my knowledge,' which can cause the skill to trigger in situations where the user did not specifically intend this skill. Over-broad invocation increases the chance of incorrect routing and unexpected behavior, especially in environments with multiple overlapping educational or game-related skills.

Natural-Language Policy Violations

Medium

Confidence: 95% confidence
Finding: The skill content is written to conduct the interaction entirely in Russian and does not provide guidance to adapt to the user's language. This can lead to user confusion, inaccessible interactions, and accidental misuse when invoked for non-Russian-speaking users, especially because the skill is user-invocable and broadly scoped.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal