TOEFL Speaking Question Generator

Security checks across malware telemetry and agentic risk

Overview

This TOEFL practice skill is limited to generating study questions and saving local practice files, with no executable code or credential access.

Install only if you are comfortable with local files under toefl/ retaining generated questions, reference answers, topic history, and dated archives. Delete that folder manually if you do not want the study history retained, and treat the TOEFL material as practice content rather than official exam guidance.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill explicitly writes content to persistent files (`toefl/latest.md`, `toefl/history.json`, dated archives) and updates usage history without clearly notifying the user or obtaining consent. This creates a privacy and transparency risk because user interactions and generated answer material may be stored longer than expected, and later exposed through follow-up commands like asking for today's answers.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal