Vietnam Education

Security checks across malware telemetry and agentic risk

Overview

This education skill is mostly purpose-aligned, but it asks users to run local helper scripts that parse free-form formulas without a clear safety boundary.

Review before installing. Prefer a virtual environment and local project dependencies instead of the global install commands, and only run the formula or graph helper scripts on expressions you trust or have checked.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 82% confidence
Finding: The trigger scope is extremely broad and can activate on many ordinary education-related prompts without clear constraints on subject, grade, language, or output type. Over-broad activation can cause the wrong skill to take over user requests, increasing the chance of inappropriate tool use, misleading outputs, or unintended document generation in contexts where the skill is not actually suitable.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal