aurora-norfolk

Security checks across malware telemetry and agentic risk

Overview

This skill is a narrow aurora-planning workflow that uses public forecast data and optional local state, with no evidence of hidden or harmful behavior.

Install only if you want a scheduled Norfolk aurora watch. Keep any recurring checks and state file in a known limited location, and limit the agent to public forecast sources plus its own small state record.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
System Prompt LeakageDirect Leakage, Indirect Extraction, Tool-Based Exfiltration
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Natural-Language Policy Violations

Low

Confidence: 88% confidence
Finding: The instruction 'Always: Use Europe/London local time' imposes a fixed locale behavior in natural language. The file does not offer user opt-in or an alternative formatting choice, so it can conflict with a policy requiring language/locale choice unless the constraint is explicitly justified.

Direct Prompt Extraction

High

Category: System Prompt Leakage
Content: - action - next check time ## Output rules Always: - Use **Europe/London** local time.
Confidence: 85% confidence
Finding: Output rules

VirusTotal

61/61 vendors flagged this skill as clean.

View on VirusTotal