视频剪辑 69cfc9

Security checks across malware telemetry and agentic risk

Overview

This is a simple video-editing reference skill with broad triggers and messy merged examples, but it does not run code, request access, or hide risky behavior.

Install only if you want a lightweight Chinese video-editing reference skill. Expect possible accidental activation on broad video-editing or 2025-related prompts; review the content quality before relying on its recommendations.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 95% confidence
Finding: The trigger scenarios are extremely broad, including common phrases like "视频剪辑" and "2025年", which can cause the skill to activate during ordinary user conversations unrelated to this specific learned content. Overbroad activation increases the chance of unintended routing, context poisoning, and execution of irrelevant or low-quality skill behavior.

Vague Triggers

Medium

Confidence: 94% confidence
Finding: The manifest trigger field uses ambiguous terms such as "视频剪辑 / 2025年 / 到底用什么剪辑软件", where at least two components are generic enough to match many benign user requests. Because manifest triggers may influence automatic skill selection, this can cause accidental invocation and expose users to unrelated merged content embedded later in the file.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal