Daily Song Recommender

Security checks across malware telemetry and agentic risk

Overview

This skill is a simple music recommender that may search the web for current songs, with no code execution, credential access, persistence, or hidden behavior found.

Before installing, understand that casual music-related requests may cause the skill to perform web searches and return recommendations. Review outbound links before clicking them, but no private-data access, account access, installation code, or persistence was found.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 93% confidence
Finding: The trigger list is very broad and includes common conversational phrases like 'random song' and genre preferences, which increases the chance the skill activates when the user did not explicitly intend to invoke this specific capability. Unintended activation can cause unnecessary web searches, confuse routing, and override more appropriate skills or default assistant behavior.

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The invocation rule is ambiguous because it activates on loosely defined user expressions of music preference or random recommendation requests without clear boundaries. In context, this makes the skill more likely to trigger during normal conversation about music, causing unintended tool use and reducing user control over when web-backed recommendations are performed.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal