debate-4person

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only debate simulator with disclosed web-search/API-key use and no evidence of hidden execution, persistence, data theft, or destructive behavior.

Safe to install for debate practice. Use it only for non-sensitive topics if web search is enabled, because debate queries may go to Tavily; verify important statistics or citations before relying on them.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The skill defines fuzzy trigger phrases such as everyday conversational language that can match normal chat intent too broadly. This can cause unintended activation of the debate workflow, leading the agent to switch modes unexpectedly and produce structured multi-turn content the user did not explicitly request.

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The read_when conditions are broad and ambiguous, for example matching any situation where the user 'wants a standard debate' or 'needs AI to simulate a debate scene.' Such loose activation constraints increase the chance the skill is loaded in contexts where the user only wants information or casual discussion, which can override safer or more appropriate behaviors.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal