AI寻路者 - 个人商业定位顾问

Security checks across malware telemetry and agentic risk

Overview

This is a career and business-positioning coaching skill that asks for personal background details, but its behavior is disclosed, purpose-aligned, and limited to markdown guidance.

Install only if you want a multi-turn career and business-positioning interview. You can skip questions about finances, contacts, education, or failures, and should avoid sharing exact sensitive details unless you are comfortable using them for the advice.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

High

Confidence: 92% confidence
Finding: The trigger list contains many broad, common phrases such as '找方向', '如何发展', '不知道做什么', and '人生迷茫', which can match ordinary conversation far beyond the intended scope. This increases the chance of unintended activation, causing the skill to solicit sensitive career and personal profile information in contexts where the user did not explicitly request this workflow.

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The skill instructs the agent to collect detailed personal data across employment status, time, finances, network, education, abilities, monetization history, motivations, and risk tolerance, but it does not provide a clear privacy notice, consent step, minimization guidance, or retention boundary. In a misfire or casual-use scenario, this can lead to unnecessary collection of sensitive profiling data without informed user awareness.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal