Back to skill

Security audit

Honest Game Guide

Security checks across malware telemetry and agentic risk

Overview

This is a game-guide research prompt that asks the agent to browse public sources for verification and does not include code, credentials, persistence, or local access.

Safe to install for normal game-guide use. Avoid sharing personal information in game questions, and expect the skill to use web search or page browsing to verify answers and provide source links.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
84% confidence
Finding
The trigger list is broad enough to match many ordinary gameplay questions, which can cause the skill to activate in situations the user did not explicitly intend. In an agent ecosystem, overbroad invocation increases the chance that web-enabled behavior runs unexpectedly, affecting routing, user expectations, and possibly exposing user queries to unnecessary external browsing.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.