College Exam Sprint

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed, instruction-only study planning skill that reads and updates user-visible exam prep materials without executable code or hidden access.

Install only if you want an exam-prep workflow that organizes local study files and progress records. Keep unrelated private documents, credentials, and sensitive personal files out of the recommended study folder, and be aware that general study prompts may activate the skill.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The default trigger phrases are broad natural-language expressions such as '讲一下今天的重点' and '给我一个例题并一步步提示', which can overlap with ordinary conversation and cause the skill to activate when the user did not explicitly intend to invoke it. Unintended activation can redirect the agent's behavior, pull in workspace study data, and produce actions or outputs under the wrong context.

Vague Triggers

Medium

Confidence: 86% confidence
Finding: The skill describes itself as applicable to many university courses and says the sample course does not limit actual applicability, but it does not define strong boundaries for when the skill should or should not take over. That broad scope increases the chance of over-triggering, misuse outside the intended study-planning context, and inappropriate handling of unrelated academic requests.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal