Back to skill

Security audit

Ask User Workflow

Security checks across malware telemetry and agentic risk

Overview

This is a simple clarification-workflow skill that may ask users extra setup questions, but it does not request sensitive access or perform hidden actions.

Install this if you want the agent to pause on vague requests and gather requirements before acting. Expect occasional extra clarification prompts; there is no artifact evidence of credential use, persistence, file access, or hidden execution.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
92% confidence
Finding
The activation description is broad enough to match many normal requests involving ambiguity or planning, which can cause this skill to trigger in situations where it was not specifically intended. Over-broad activation increases the chance of inappropriate workflow interception, unnecessary user questioning, and conflicts with more specialized skills that should handle the request instead.

Vague Triggers

Medium
Confidence
95% confidence
Finding
The example trigger phrase '帮我做个XXX' is extremely generic and overlaps with everyday user language, making accidental activation likely. If reused by routing or prompt-matching logic, this can cause the skill to capture a wide range of ordinary requests and steer the interaction into an unnecessary clarification flow.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The usage guidance still depends on vague criteria like users saying '帮我做个XXX' without enough precise boundaries, so activation remains subjective and over-inclusive. This makes the skill more dangerous in context because its purpose is to interrupt execution and ask structured questions, meaning false activations directly affect user experience and can derail task handling.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.