Instructional Design (教学设计)

Security checks across malware telemetry and agentic risk

Overview

This is a text-only Chinese instructional-design skill that may handle user-provided business context but has no code, system access, persistence, or hidden data flow.

Safe to install for training and instructional-design help. Avoid pasting confidential business documents unless necessary, and have a qualified person review outputs before using them for strategic, compliance, legal, financial, or operational decisions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium, 86% confidence
Finding
The skill metadata description is very broad and does not define clear trigger conditions, scope boundaries, or exclusions. This can cause the agent to activate in unrelated contexts and process sensitive business inputs unnecessarily, increasing the risk of overreach, misrouting, or unintended disclosure.

Vague Triggers

Medium, 89% confidence
Finding
The application scenarios span business operations, strategic decision support, automation, performance management, vendor management, and enterprise implementations without concrete constraints. Such wide framing makes accidental activation and misuse more likely, especially in high-sensitivity enterprise contexts where the skill may be treated as authoritative beyond instructional design.

VirusTotal

65/65 vendors flagged this skill as clean.
