Knowledge Storage C61b16

Security checks across malware telemetry and agentic risk

Overview

The available evidence points to a markdown-only guidance skill with overly broad trigger phrases, but no malware, code execution, persistence, credentials, or hidden high-impact behavior.

This appears acceptable to install from a security standpoint, but the trigger phrases should be narrowed before regular use so the skill only activates when explicitly requested.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 93%
Finding
The trigger phrases include broad natural-language text such as “knowledge-storage” and “关于之前名称标签”, which can plausibly appear in ordinary user requests and cause unintended skill activation. Because this skill is a generic knowledge/guide skill rather than a tightly scoped command, accidental invocation is more likely and could route conversations into the wrong workflow or expose unneeded behavior.

Vague Triggers

High
Confidence: 99%
Finding
Using the single word “The” as a trigger is unsafe because it is one of the most common English words and will match routine conversation constantly. This makes accidental activation highly probable, which can disrupt normal agent behavior and create opportunities for unintended skill execution whenever users write ordinary English text.

VirusTotal

64/64 vendors flagged this skill as clean.
