Vague Triggers
Medium
- Confidence
- 90% confidence
- Finding
- The README explicitly advertises very broad activation phrases such as "generate a poster", "create a dashboard", and "make an infographic", which can overlap with many ordinary user requests and cause the skill to be invoked outside narrowly intended contexts. In an agent environment, overly broad triggers increase the chance of inappropriate routing, accidental execution on untrusted input, and expansion of the skill's attack surface even if the package itself is not overtly malicious.
