Cinema Insider Top-10

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward entertainment-news digest skill that uses public web browsing/searching and does not request code execution, credentials, persistence, or account access.

Install this if you want an agent to browse and summarize public entertainment-industry news. Be aware that generic movie or cinema news prompts may activate it, and avoid including private details in prompts that could be reused as search context.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 93% confidence
Finding: The trigger example "Cinema news" is broad and likely to overlap with common user requests about movies or entertainment, causing the skill to activate in situations the user may not specifically intend. Because the skill then performs external fetching, searching, and browser activity, accidental invocation can expand tool usage and expose the agent to unnecessary untrusted content.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal