Li Git1.1 Checker

Security checks across malware telemetry and agentic risk

Overview

This is a benign standards-document checking skill, with minor caveats around broad auto-loading wording and temporary PDF page image files.

Install only if you want a GB/T 1.1-oriented standards-document reviewer. Avoid giving it unrelated private documents, and be aware that its example workflow may create temporary rendered PDF page images under /tmp during analysis.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Missing User Warnings

Low
Confidence: 82%
Finding
The skill explicitly processes user-supplied documents and renders PDF pages to predictable temporary files under /tmp, but it does not disclose this handling or caution users about local artifact creation. This can expose sensitive document content to unintended local retention, collision, or later access by other processes in shared environments.

Vague Triggers

Medium
Confidence: 94%
Finding
The skill advertises an automatic trigger for a very generic request like '请检查这个文档' ("please check this document"), which can cause the tool to activate on ordinary user messages without an explicit request for this specific skill. Over-broad auto-activation increases the chance of unintended document processing, unnecessary tool execution, and incorrect application of a GB/T-oriented checker to unrelated content.

VirusTotal

63/63 vendors flagged this skill as clean.
