Back to skill

Security audit

Report To Visualization

Security checks across malware telemetry and agentic risk

Overview

This is a markdown-only report-formatting skill that converts provided report text into visualization JSON and does not show hidden system access or unsafe behavior.

Safe to install for converting reports into structured visualization components. Review generated JSON for accuracy, completeness, and language fit, especially because the skill may activate on broad chart/report wording and requires strict output formatting.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Vague Triggers

Medium
Confidence
89% confidence
Finding
The skill description includes broad activation triggers such as “可视化报告”, “用图表展示”, and “图文并茂”, which can match many ordinary requests that are not specifically asking for this exact transformation skill. Over-broad routing increases the chance the skill is invoked unexpectedly, causing user requests to be hijacked into rigid JSON/module output and potentially bypassing more appropriate skills or normal assistant behavior.

Natural-Language Policy Violations

Medium
Confidence
93% confidence
Finding
The skill metadata and instructions are written in Chinese and the description implies the interaction/output will be in Chinese without checking user preference. Forcing a language can mis-handle user intent, degrade safety-relevant comprehension, and cause users to accept incorrect or unreadable outputs, especially when the skill also mandates a strict output format with no explanatory text outside the code block.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.