football-bayes

Security checks across malware telemetry and agentic risk

Overview

This skill gives football match probability analysis using public web sources and does not show hidden access, persistence, or unsafe behavior.

Install this if you want Chinese-language, web-backed football match probability analysis. Review cited sources and timestamps, avoid sharing private betting account access or credentials, and treat probabilities or betting suggestions as uncertain analysis rather than guarantees.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 94% confidence
Finding: The trigger conditions are broad enough to activate on many generic football-analysis requests, including loosely related terms like probability, tactics, or web fetching. This can cause unintended skill invocation, leading to overcollection of external data, user confusion, and the skill steering responses into a specialized workflow when the user did not clearly request it.

Natural-Language Policy Violations

Medium

Confidence: 86% confidence
Finding: The skill description is written to enforce Chinese-language behavior and a specific persona without checking the user's preferred language. This can override user expectations, reduce transparency, and make the agent less controllable, especially if the broader system or user requested another language.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal