Auto Agent 4974 F58bc0

Security checks across malware telemetry and agentic risk

Overview

This is a small educational guide skill with broad trigger wording, but it does not request sensitive access, execute code, persist, or handle user data.

This skill appears safe to install as an educational guide. Be aware that its triggers are somewhat broad, so it may activate when discussing Notion, custom agents, or the phrase “一口气搞懂” even if you did not intend to invoke this exact skill.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The trigger phrase "一口气搞懂" is generic conversational language rather than a narrowly scoped invocation, so the skill may activate during ordinary user requests that are unrelated to this skill. Unintended activation can cause the agent to inject irrelevant guidance or override the expected workflow, creating prompt-routing and least-surprise issues.

Vague Triggers

Medium

Confidence: 84% confidence
Finding: The condition "用户需要auto_agent_4974相关帮助" is ambiguous because many requests could be interpreted as loosely related to the topic, allowing subjective or overly aggressive activation. This increases the risk of accidental skill invocation and inappropriate behavior in contexts where the user did not explicitly request this skill.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal