代码生成 876ae0

Security checks across malware telemetry and agentic risk

Overview

This is a simple markdown skill for code-generation learning notes, with broad activation wording but no executable behavior or sensitive access.

Before installing, understand that this skill may activate for general code-generation requests, not only Simulink embedded-code tasks. It appears low risk because it is only markdown guidance, but its content is broad and auto-merged, so review whether the references are useful for your workflow.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 95% confidence
Finding: The trigger phrase "代码生成" is extremely broad and likely to match many ordinary user requests, causing this skill to activate outside its intended Simulink/embedded-code context. Overbroad activation increases the chance of prompt hijacking, unintended tool use, or irrelevant skill injection into unrelated conversations.

Vague Triggers

Medium

Confidence: 94% confidence
Finding: The condition "用户需要代码生成相关帮助" is ambiguous and effectively acts as a catch-all for a very large category of requests. This makes the skill eligible in many unintended contexts, which can override more appropriate skills or inject loosely related instructions into normal coding assistance flows.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal