Fridge Chef

Security checks across malware telemetry and agentic risk

Overview

This skill is a simple recipe assistant for fridge photos and does not request commands, credentials, persistence, or broad access.

Install it if you are comfortable sharing fridge photos with the agent. Avoid including sensitive personal information in images, and use a clearer prompt such as "what can I cook from this fridge photo?" if routing ambiguity matters.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 94% confidence
Finding: The trigger phrase revolves around a very common user utterance ('what can I make?') in the context of sending an image, which is broad enough to overlap with ordinary conversation and unrelated cooking scenarios. Overly broad triggers can cause accidental invocation or routing of user requests to this skill when the user did not explicitly intend it, increasing the chance of incorrect handling, privacy issues around image processing, or prompt/skill confusion.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal