EO Blog Dev

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only demo skill that uses an external collaboration plugin to generate a blog project; its broad workflow is disclosed.

Install this only if you also trust the EO collaboration plugin it depends on. Treat generated code, Docker, CI/CD, and deployment files as drafts: inspect them, avoid sharing secrets, use test credentials, and review before running or deploying anything.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence: 94%
Finding
The invocation phrase "帮我用多专家协作开发一个博客系统" ("Help me develop a blog system using multi-expert collaboration") is very broad and maps directly to automatic orchestration of multiple expert roles with code and deployment outputs. Because it lacks scope limits, confirmation gates, or explicit user-consent boundaries for plugin use, it could be triggered in situations where the user did not intend full multi-agent execution or where unsafe downstream actions are taken too eagerly.

VirusTotal

VirusTotal findings are pending for this skill version.