Echo Test

Security checks across malware telemetry and agentic risk

Overview

This is a simple echo test skill that repeats the user's input with a timestamp and does not show hidden access or unsafe behavior.

This skill is appropriate for basic echo testing. Because it repeats user-provided text back into the conversation, users should avoid entering secrets or private information, and should be aware that its broad activation wording may make it respond when they did not specifically intend to invoke it.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 93% confidence
Finding: The skill can be invoked by extremely generic, everyday speech such as 'say anything,' making accidental activation likely. Even though the described behavior is low-risk echo functionality, broad triggering can cause unintended invocation, confusing user experience, and possible exposure of recently spoken content through echoing.

Natural-Language Policy Violations

Low

Confidence: 84% confidence
Finding: The skill description and usage are entirely in Chinese and imply Chinese-language interaction by default without indicating language choice or user consent. This is primarily a usability and consent issue rather than a direct security flaw, but it can mislead users about expected behavior and reduce transparency in multilingual environments.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal