Translation Review Skill

Security checks across malware telemetry and agentic risk

Overview

This is a low-risk text guidance skill with slightly broad activation wording but no code, credentials, persistence, or privileged actions.

Safe to install for basic translation-review or language-learning checklists. Be aware it may activate for broader planning requests because its trigger wording is generic; users who want precise behavior should narrow it to source/target translation comparison, terminology, fluency, and fidelity review.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 79% confidence
Finding: The 'When to use' section is broad enough to match many generic assistance requests, which can cause the skill to activate outside its intended translation-review scope. Over-broad triggering is a real security-relevant weakness because it increases unintended routing and prompt-surface exposure, though this specific skill's content is otherwise low risk and includes sensible safety rules.

Vague Triggers

Medium

Confidence: 82% confidence
Finding: The example prompt 'Help me outline a concise plan using the Translation Review approach' is phrased like ordinary everyday speech and could be matched in contexts unrelated to this skill. Such ambiguous trigger text can cause accidental invocation or misclassification, expanding the skill's effective scope beyond its intended domain.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal