Back to skill

Security audit

world-cup-post-match-review-scene-en

Security checks across malware telemetry and agentic risk

Overview

This skill is mostly a football review assistant, but it can query local notifications broadly for fan discussion, so it should be reviewed before installation.

Install only if you are comfortable with the agent using local notification retrieval for match-related fan discussion. Prefer setting specific apps, groups, and a narrow time window before using hot-topic or full-review modes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Low
Confidence
84% confidence
Finding
The skill allows notification queries across unspecified 'groups and applications' and even permits retrieval without limiting scope. In a system with access to local notifications, this can over-collect unrelated private messages and broaden access beyond what the user explicitly intended, creating privacy leakage risk.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

No suspicious patterns detected.