Syft News Hub

Security checks across malware telemetry and agentic risk

Overview

This skill is a legitimate Syft news-workflow helper, but it creates persistent personal profile files and explicitly encourages high-confidence demographic inference from a user's interests.

Install only if you are comfortable with the skill reading your Syft account signals and writing persistent profile, briefing, and storyline files in the workspace. Review generated profile summaries before reuse, especially any demographic, class, identity, or personality inferences, and avoid using it where those inferences could affect people unfairly.

Publisher note

Works with Syft AI (CLI) to access its news pool, which needs network access and CLI authentication. This skill set generates comprehensive daily briefs and key-event trees based on the user's high-dimensional interest profile.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (10)

Description-Behavior Mismatch

Severity: Medium
Confidence: 97%
Finding
The prompt explicitly instructs the model to make strong sociodemographic inferences and present them as high-confidence editorial observations rather than clearly labeled speculation. This creates a real risk of generating sensitive attribute profiling from behavioral data, which can misclassify users and expose inferred demographics without necessity for the stated news-summary workflow.

Context-Inappropriate Capability

Severity: Medium
Confidence: 95%
Finding
The skill’s stated purpose is to support news and profile artifacts, but this prompt goes further by encouraging unjustified demographic profiling not required to summarize interests. Expanding from content affinity into inferred demographic identity increases privacy and fairness risk without clear functional need.

Natural-Language Policy Violations

Severity: Medium
Confidence: 94%
Finding
The file hard-codes Simplified Chinese for user-facing output unless the user explicitly objects, which can override user or system language preferences and create instruction-priority conflicts. In an agent setting, this is a prompt-level policy constraint that can cause misleading or inaccessible output, especially if the user expects another language or if downstream workflows assume language neutrality.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The skill instructs the agent to create or refresh multiple files in a shared workspace and only vaguely says to reuse an existing profile directory, without requiring confirmation before overwriting existing artifacts. In practice, this can destroy or silently replace user-authored profile data, especially because the workflow treats generated files as canonical outputs.
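The overwrite risk described in this finding has a standard mitigation: the agent should only replace files it produced itself, and should need explicit consent before touching anything else. The helper below is an added example, not code from the Syft News Hub skill or from SkillSpector; it assumes a hypothetical marker line (`GENERATED_MARKER`) that the agent stamps on its own output, uses exclusive creation so a file that appears between check and write is never clobbered, and keeps a content-addressed backup when an overwrite of a user-authored file is explicitly allowed. The file contents in `demo()` are constructed for illustration.

```python
"""Added example (not part of the Syft News Hub skill or SkillSpector): a
write helper that lets an agent refresh its own profile, briefing and
storyline files without silently replacing user-authored ones."""
import hashlib
import os
import tempfile
from pathlib import Path

# Hypothetical marker stamped on every file this helper writes; a file
# without it is assumed to be user-authored and is never overwritten in place.
GENERATED_MARKER = "<!-- generated-by: news-workflow -->"


def _stamp(content: str) -> str:
    """Prefix the marker unless the content already carries it."""
    return content if content.startswith(GENERATED_MARKER) else f"{GENERATED_MARKER}\n{content}"


def write_artifact(path: Path, content: str, *, allow_overwrite: bool = False) -> str:
    """Write content to path and return the decision taken: 'created',
    'unchanged', 'refreshed' (own output replaced), 'refused' (user file
    left untouched) or 'backed-up' (user file renamed aside, new file written)."""
    content = _stamp(content)
    try:
        # O_EXCL makes creation atomic: if the file appears between our check
        # and the write, we land in the existing-file branch instead of clobbering it.
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    except FileExistsError:
        pass
    else:
        with os.fdopen(fd, "w", encoding="utf-8") as fh:
            fh.write(content)
        return "created"

    existing = path.read_text(encoding="utf-8")
    if existing == content:
        return "unchanged"
    if existing.startswith(GENERATED_MARKER):
        # Our own earlier output: safe to refresh in place.
        path.write_text(content, encoding="utf-8")
        return "refreshed"
    if not allow_overwrite:
        return "refused"
    # Explicit consent given: keep the user's version under a content-addressed name.
    digest = hashlib.sha256(existing.encode("utf-8")).hexdigest()[:12]
    path.rename(path.with_name(f"{path.name}.{digest}.bak"))
    path.write_text(content, encoding="utf-8")
    return "backed-up"


def demo() -> dict:
    """Exercise every branch in a scratch directory with constructed content."""
    with tempfile.TemporaryDirectory() as tmp:
        p = Path(tmp) / "profile-summary.md"
        v1 = "# Profile\nInterests: security, cycling\n"
        v2 = "# Profile\nInterests: security, cycling, jazz\n"
        decisions = [write_artifact(p, v1), write_artifact(p, v1), write_artifact(p, v2)]
        # The user hand-edits the file; the marker is gone, so it is theirs now.
        p.write_text("# Profile\nMy own notes\n", encoding="utf-8")
        decisions.append(write_artifact(p, v2))
        decisions.append(write_artifact(p, v2, allow_overwrite=True))
        return {"decisions": decisions, "files": sorted(q.name for q in Path(tmp).iterdir())}


if __name__ == "__main__":
    print(demo())
```

Running `demo()` yields the decisions `created, unchanged, refreshed, refused, backed-up` in that order and leaves two files behind: the regenerated summary and one `.bak` copy of the user's edit. The marker is a convention rather than a guarantee (a user can paste it into their own file), so treating `allow_overwrite` as something the user must grant per run, not a default, is the part that actually protects their data.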

Natural-Language Policy Violations

Severity: Medium
Confidence: 89%
Finding
The skill hard-codes Simplified Chinese for all user-facing content unless the user opts out, which overrides likely user preferences and can degrade comprehension or lead to misleading outputs. This is primarily a safety and usability issue rather than a direct code-execution risk, but it can cause the agent to act contrary to user intent.

Natural-Language Policy Violations

Severity: Medium
Confidence: 88%
Finding
The prompt hard-codes Simplified Chinese output despite also listing 'user language' as an input, which can override user preference and reduce transparency or usability. While not a classic security flaw, it is a real safety and quality issue because it can cause misleading or inaccessible output in multilingual contexts.

Vague Triggers

Severity: Medium
Confidence: 85%
Finding
The description includes multiple broad trigger phrases such as extending a storyline, repairing a thin timeline, deriving keyword strategies, and backfilling hobby-interest lines. In an agentic system, this can cause the skill to be selected for loosely related requests, leading to unintended execution of search and file-modifying workflow steps outside the user's precise intent.

Vague Triggers

Severity: Medium
Confidence: 84%
Finding
The invocation description is broad enough to match loosely related requests such as generic event trees, relationship mapping, or hobby-interest logic lines, which can cause the agent to activate this skill outside its intended news-storyline context. Mis-triggering is dangerous because the skill then imposes strong workflow and output constraints that may override user intent, including specific retrieval and rendering behavior.

Natural-Language Policy Violations

Severity: High
Confidence: 94%
Finding
The skill mandates Chinese output and enforces detailed language-style constraints without checking the user's requested language or locale. This is risky because it can override user instructions, produce inaccessible or misleading deliverables, and create downstream failures when other tools, users, or systems expect a different language.

Ssd 3

Severity: Medium
Confidence: 96%
Finding
The prompt asks for highly personalized profiling plus strong demographic inference from interest data, which can surface sensitive personal attributes in plain-language summaries. In this skill context, the output is meant to be reusable profile artifacts, making the risk more serious because sensitive inferences could be stored, reused, or shown broadly beyond the immediate session.
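The three profiling findings above (Description-Behavior Mismatch, Context-Inappropriate Capability, and this one) all come down to the same review step the Overview asks for: before a generated profile summary is stored or reused, check it for sociodemographic inferences that are presented as fact. The scanner below is an added example, not code from the Syft News Hub skill or from SkillSpector; it assumes hypothetical, deliberately small term lists for age, gender, class, identity and politics, treats a sentence as acceptable only if it already hedges itself as speculation, and otherwise strips it. `SAMPLE` is a constructed profile summary, not real Syft output.

```python
"""Added example (not part of the Syft News Hub skill or SkillSpector): a
post-generation check that finds demographic, class, identity or political
inferences in a generated profile summary and either labels them as
unverified or removes them before the file is stored or reused."""
import re
from dataclasses import dataclass

# Hypothetical, deliberately small term lists; a real deployment would tune
# these to its own policy and languages.
SENSITIVE_TERMS = {
    "age": r"\b(teen(?:ager)?|in (?:his|her|their) [2-6]0s|millennial|gen[- ]?z|boomer|retired|elderly)\b",
    "gender": r"\b(male|female|man|woman|mother|father|husband|wife)\b",
    "class": r"\b(wealthy|affluent|low[- ]income|working[- ]class|upper[- ]class|middle[- ]class)\b",
    "identity": r"\b(religious|christian|muslim|jewish|hindu|buddhist|ethnicity|immigrant|gay|lesbian|queer)\b",
    "politics": r"\b(conservative|liberal|progressive|left[- ]wing|right[- ]wing|votes? for)\b",
}
PATTERNS = {name: re.compile(rx, re.I) for name, rx in SENSITIVE_TERMS.items()}
# Words that mark a sentence as self-declared speculation rather than an assertion.
HEDGES = re.compile(r"\b(speculat\w+|unverified|uncertain|inferred|might|may|possibly|perhaps|guess)\b", re.I)

# Constructed sample of the kind of summary the finding describes.
SAMPLE = (
    "Interests: zero-day research, cycling routes, jazz vinyl.\n"
    "The reader is clearly a man in his 40s with an upper-middle-class income.\n"
    "Reads Chinese-language policy coverage; possibly an immigrant, though this is speculative.\n"
    "Prefers long-form analysis over breaking-news alerts."
)


@dataclass
class Flag:
    sentence: str
    categories: list   # sorted sensitive categories the sentence touches
    hedged: bool       # True if the sentence already marks itself as speculation


def split_sentences(text: str) -> list:
    """Split on sentence-ending punctuation followed by whitespace (newlines included)."""
    return [s for s in re.split(r"(?<=[.!?])\s+", text.strip()) if s]


def _categories(sentence: str) -> list:
    return sorted(name for name, rx in PATTERNS.items() if rx.search(sentence))


def audit_profile(text: str) -> list:
    """Return one Flag per sentence that asserts or speculates about a sensitive attribute."""
    flags = []
    for sentence in split_sentences(text):
        cats = _categories(sentence)
        if cats:
            flags.append(Flag(sentence, cats, bool(HEDGES.search(sentence))))
    return flags


def sanitize_profile(text: str) -> str:
    """Keep interest content, label hedged inferences, drop unhedged ones."""
    out = []
    for sentence in split_sentences(text):
        cats = _categories(sentence)
        if not cats:
            out.append(sentence)
        elif HEDGES.search(sentence):
            out.append("[inferred, unverified] " + sentence)
        else:
            out.append(f"[removed: unstated-basis inference about {', '.join(cats)}]")
    return "\n".join(out)


if __name__ == "__main__":
    for flag in audit_profile(SAMPLE):
        print(flag.categories, "hedged" if flag.hedged else "asserted", "|", flag.sentence)
    print(sanitize_profile(SAMPLE))
```

On the sample, the second sentence is flagged for age, class and gender with no hedge and is removed; the third is flagged for identity but keeps itself labelled as speculation, so it survives with an `[inferred, unverified]` prefix. Keyword lists miss paraphrase and other languages, so this is a gate that catches the obvious cases before a human review, not a replacement for the review the Overview calls for.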

VirusTotal

VirusTotal findings are pending for this skill version.
