Back to skill

Security audit

Vocabulary Builder

Security checks across malware telemetry and agentic risk

Overview

This skill keeps a local vocabulary tracker and can schedule user-requested quizzes, which fits its disclosed language-learning purpose.

Install this if you want the agent to save vocabulary words, source context, pronunciation notes, and quiz history in your workspace. Avoid storing sensitive reading excerpts or personal information in the tracker, and only enable scheduled quizzes for delivery channels where recurring prompts are welcome.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
The skill is primarily a vocabulary-learning assistant, but it also instructs the agent to create scheduled cron jobs that proactively send quiz messages. That expands the skill from reactive education into autonomous outbound messaging, which can lead to unwanted contact, notification spam, or misuse of delivery channels if user consent, rate limits, and destination validation are not tightly enforced.

Vague Triggers

Medium
Confidence
83% confidence
Finding
The invocation description is broad enough to match common reading, word-help, and quiz-related requests, increasing the chance the skill activates in situations where the user did not specifically intend to use it. Over-broad triggering can cause unintended file reads/writes to the vocabulary tracker and unexpected behavior in normal conversations.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger phrase 'Quiz me' is very generic and may be invoked in contexts where the user is speaking casually or referring to something else. Because the skill records quiz state and may access stored vocabulary data, ambiguous triggering can cause unintended state changes and surprise interactions.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.