Deep Search 244e83

Security checks across malware telemetry and agentic risk

Overview

This is a small markdown-only skill with broad trigger wording but no executable behavior, data access, persistence, or hidden actions.

This skill appears safe to install for its stated purpose. Be aware that the generic trigger phrase may activate it in unrelated conversations, so users who prefer precise skill invocation may want the trigger narrowed.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 85% confidence
Finding: The activation conditions are ambiguous because they allow the skill to trigger on very generic user phrases like '冷知识' without clear scope or intent checks. This can cause unintended invocation of the skill, which in a larger agent environment increases prompt-surface exposure and may interfere with user intent, even though this specific skill appears otherwise harmless.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal