Security audit

GlobalWire

Security checks across malware telemetry and agentic risk

Overview

GlobalWire is an instruction-only news briefing skill with disclosed formatting, sourcing, and optional markdown archiving behavior.

Install this if you want a structured news-desk style for major global events. Be aware it may activate on broad news questions, may create local markdown archives for repeatable or archival workflows, and uses its own source-priority hierarchy; ask the agent to return chat-only output or to use specific sources if those defaults do not fit your needs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence: 90%
Finding
The skill description uses very broad trigger phrases such as requests about 'major world events' and 'what happened today,' which are common user intents that can cause the skill to activate in many ordinary news-related conversations. Over-broad routing can inappropriately steer unrelated requests into this skill's formatting and source-handling rules, increasing the chance of misclassification, unintended prompt influence, or interference with a more suitable tool or safer workflow.

Vague Triggers

Medium
Confidence: 93%
Finding
The skill enables implicit invocation, but the activation guidance is broad and generic ('major world events', 'what happened today', 'credible'). This can cause the agent to invoke the skill in contexts the user did not explicitly request, potentially reshaping answers, adding authoritative-looking confidence labels, or prioritizing formatting over the base system’s intended behavior.

Missing User Warnings

Medium
Confidence: 90%
Finding
The file explicitly permits saving generated content even when the user did not ask to save, which authorizes unsolicited workspace modification. In an agent setting, this can lead to unexpected file creation, silent accumulation of artifacts, and abuse by prompting the skill in contexts where the user expected read-only assistance.

Natural-Language Policy Violations

Medium
Confidence: 94%
Finding
The file hard-codes a source hierarchy that strongly privileges Western/English-language outlets as the default backbone for truth assessment, while relegating Chinese and social sources to lower tiers without user consent, locale justification, or a transparent balancing policy. In a news-briefing skill, this can systematically bias outputs, suppress relevant regional perspectives, and mislead users into over-trusting one geopolitical framing as neutral fact.

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.