Back to skill

Security audit

World Builder

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed creative world-building skill with minor routing caveats, not evidence of hidden or harmful behavior.

Install this if you want an agent to help create structured fictional worlds and optionally write generated world skills. Review generated skill descriptions before installing or enabling them, especially their trigger words, and only provide Character Builder skill paths that you intend the skill to read.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence
89% confidence
Finding
The trigger list includes very broad phrases such as “世界观” and “世界设计,” which can cause the skill to activate in contexts far beyond explicit world-building requests. In an agent environment, over-broad routing can hijack unrelated conversations, leading to misexecution, prompt confusion, or unintended file/tool access through this skill’s downstream workflow.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The requirement for SKILL.md to include a generic one-line description plus trigger words, without constraining scope or excluding broad phrases, can produce generated skills that activate on very common worldbuilding-related language. In an agent skill system, overly broad triggers create prompt-routing ambiguity and unintended invocation, which can cause the wrong skill to take control of benign conversations and increase the attack surface for instruction capture.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The instruction about 'how to enter this world' is underspecified and does not clearly separate skill activation from normal thematic conversation. That ambiguity is risky in a skill-based agent because generated skills may treat casual discussion about settings, fiction, or world concepts as authorization to apply the skill's pipeline and constraints, leading to unintended behavior or context hijacking.

Vague Triggers

Medium
Confidence
94% confidence
Finding
Mandating trigger words in the description format without defining specificity or banned broad phrases encourages downstream skills to embed expansive activation language in metadata. In this skill context, that is more dangerous because the artifact being generated is itself another skill, so ambiguous trigger design propagates into additional skills and scales the misrouting problem.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.