Turf Skills

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward Turf.js geospatial command-line skill. Its trigger wording is broad (see the findings below), but the scan found no evidence of hidden behavior, credential access, persistence, or exfiltration.

Install it from the expected npm package or repository rather than from a link in the skill text. Use it for genuine geospatial or GeoJSON work, and check any --file, --file2, and --output paths before running so that it reads the intended data and does not overwrite an important file.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Severity: Medium
Confidence: 95%
Finding
The skill directs the agent to 'ALWAYS use this skill immediately' for any spatial or geography-related mention, creating an overly broad activation surface. This can cause unintended tool invocation on loosely related user requests, increasing the chance of unnecessary file access, command execution, or incorrect delegation without explicit user intent.

Vague Triggers

Severity: Medium
Confidence: 91%
Finding
The trigger guidance includes generic phrases such as 'tasks mentioning coordinates, GPS points, or GeoJSON' without clear boundaries, which can match many benign conversations. In an agent setting, vague keyword activation can route unrelated requests into a CLI-capable skill, expanding the attack surface for prompt-triggered misuse or accidental execution.

Vague Triggers

Severity: Medium
Confidence: 94%
Finding
The common keyword list contains highly generic terms such as map, geometry, point, line, location, distance, and area, which overlap heavily with everyday language and non-geospatial domains. This makes accidental or adversarial triggering easier, especially when the skill is described as the default/preferred tool for all such mentions.

Vague Triggers

Severity: Low
Confidence: 87%
Finding
The natural-language patterns map broad phrases directly to actions but do not define activation boundaries, exclusions, or confirmation steps for ambiguous requests. While less severe than the top-level 'always use' directive, this still encourages over-triggering and misrouting of normal language into tool execution.

VirusTotal

66/66 vendors reported this skill as clean. Note that antivirus verdicts cover the packaged files; they say nothing about the trigger and prompt-level risks listed in the findings above.

View on VirusTotal