Security audit

Design Framework Suite - Confirmation Handler

Security checks across malware telemetry and agentic risk

Overview

This is a small instruction-only Telegram/design workflow helper, but its generic reply triggers could cause accidental confirmation or regeneration in a chat.

Install only as part of the intended design-framework suite after reviewing the referenced sender skill and any external scripts under $SK. Prefer explicit commands or structured replies for confirm/regenerate, bind replies to the originating user/session, and keep the temporary-file cleanup limited to the suite's own /tmp files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 94%
Finding
The confirmation handler accepts very broad everyday phrases such as “好的”, “ok”, “可以”, and “行” as approval signals. In a group chat or threaded workflow, these common acknowledgements can easily appear without explicit intent to approve the pending design task, causing unintended progression into the image-generation flow.

Vague Triggers

Medium
Confidence: 91%
Finding
Using “重新” or an emoji like “🔄” as a regeneration trigger is ambiguous because these are common conversational responses and symbols. This can cause accidental regeneration, unnecessary compute usage, and state confusion, especially when the skill is activated merely by the presence of a shared lock file indicating a pending task.

VirusTotal

66/66 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.