Agent开发 09770e

Security checks across malware telemetry and agentic risk

Overview

This is a messy, non-executable learning-notes skill; it does not appear to steal data, run code, or change user resources.

Install only if you want rough video-derived notes about Agent development and related AI topics. Expect duplicated/off-topic PS Portal content and broad activation; narrowing or cleaning the triggers would improve reliability.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (9)

Description-Behavior Mismatch

High
94% confidence
Finding
The skill manifest advertises Agent development guidance, but the merged body is dominated by unrelated PS Portal/SonyAgent review content. This creates semantic drift: users and downstream systems may invoke the skill expecting safe, relevant agent-development behavior while receiving unrelated or low-quality instructions, increasing the chance of misrouting, prompt confusion, and unsafe automation based on irrelevant sources.

Description-Behavior Mismatch

Medium
88% confidence
Finding
The skill's reference set includes unrelated gaming/device videos solely because they match the keyword 'Agent'. This weakens provenance and can poison the skill's behavior or recommendations with irrelevant material, which is especially risky for an agent-oriented skill that may be used in technical workflows.

Vague Triggers

Medium
90% confidence
Finding
The trigger list includes broad phrases like 'Agent开发' and especially 'Agent', which are likely to collide with many unrelated user requests. Overbroad activation can cause the wrong skill to fire, injecting irrelevant instructions or content into conversations and degrading safety controls based on scoped tool usage.

Vague Triggers

Medium
91% confidence
Finding
The activation scenarios include a catch-all condition such as "users needing Agent development help", which is too ambiguous for reliable routing. In agent ecosystems, vague routing rules can cause accidental invocation in unrelated contexts, increasing the chance of contaminated responses from mismatched or merged content.

Vague Triggers

Low
78% confidence
Finding
The merged sub-skill uses a broad keyword trigger ('Agentic') without enough specificity to distinguish it from other ML, workflow, or general agent discussions. This can contribute to incorrect routing, though the direct impact is lower than the top-level generic triggers.

Vague Triggers

Low
82% confidence
Finding
The trigger based on a generic phrase like '清华开源' can match many unrelated open-source discussions and does not uniquely identify the intended content. This weak scoping increases the chance of accidental activation and polluted outputs.

Vague Triggers

Medium
92% confidence
Finding
Using an extremely generic trigger like 'PS' is highly collision-prone and unrelated to the skill's declared Agent development purpose. This makes accidental invocation very likely and compounds the existing content-drift problem by routing users into irrelevant merged material.

Vague Triggers

Medium
92% confidence
Finding
The repeated use of the same generic 'PS' trigger shows the issue is systemic rather than incidental. Repetition increases the odds of persistent misrouting and suggests the merge pipeline is not enforcing trigger quality or topic boundaries.

Vague Triggers

Medium
92% confidence
Finding
This repeated generic trigger remains dangerous because it continues to expose the skill to accidental activation by unrelated requests. In combination with the skill's semantic mismatch, it can repeatedly surface irrelevant or confusing instructions in normal user conversations.

VirusTotal

64/64 vendors flagged this skill as clean.