Hk Cn Content Matrix

Security checks across malware telemetry and agentic risk

Overview

This is a Chinese/Hong Kong social-media template pack with no code, credentials, or account access, though one promo file overstates automation features.

Install this as a template and strategy pack for Chinese/Hong Kong social-media writing. Do not assume it can schedule posts, monitor analytics, or auto-reply unless separate tooling and account permissions are reviewed.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (2)

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The skill description is broad and does not define clear trigger conditions, scope, or invocation boundaries. In an agent environment, this can cause the skill to match unrelated requests and be invoked too often, which may lead to unintended behavior, prompt hijacking opportunities, or misuse of content-generation instructions outside the intended social-media context.

Natural-Language Policy Violations

Medium

Confidence: 95% confidence
Finding: The skill is explicitly designed to generate Chinese-language X/Twitter posts and provides only Chinese templates, hashtags, and writing guidance without any user language choice or opt-in. This can override user preferences, reduce usability for non-Chinese speakers, and cause unintended output in the wrong language or market context.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal