Back to skill

Security audit

IdeaForge

Security checks across malware telemetry and agentic risk

Overview

The only identified issue is a broad example prompt, with no artifact-backed evidence of unsafe access or hidden behavior.

Install if you are comfortable with the skill being triggered by broad money-making or online-business ideation prompts. Review its instructions so you know when it will activate, but the supplied evidence does not justify treating it as harmful.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
91% confidence
Finding
This markdown file includes an invocation example, "Give me ideas to make money online," that is broad natural language rather than a narrowly scoped trigger. Because the file does not provide explicit trigger constraints or negative examples, the skill could be invoked in situations beyond the intended context.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.