test

Security checks across malware telemetry and agentic risk

Overview

This is a game-design advice skill with no install scripts, executable code, or data access; its main caveat is broad activation wording.

Reasonable to install for game design help. Be aware it may activate on broad game-design topics, and use care with retention, monetization, or behavioral-economics suggestions so they stay ethical and appropriate for your audience.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The skill defines a broad, persistent persona and capabilities but provides no explicit activation criteria, boundaries, or disallowed tasks. In an agent framework, ambiguous invocation can cause the skill to be selected outside its intended context, leading to overreach, inappropriate influence on unrelated tasks, or unsafe application of persuasive/economic design guidance.

Vague Triggers

Medium

Confidence: 85% confidence
Finding: The activation text is generic enough that ordinary requests about game design could unintentionally invoke this skill without clear user intent or scope boundaries. In multi-skill or agent-routing environments, this can cause inappropriate delegation, prompt-scope confusion, or accidental application of this persona where stricter routing should occur.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal