中考短文填空识别与格式化

Security checks across malware telemetry and agentic risk

Overview

This instruction-only skill OCRs exam images and can create Word or Feishu outputs, with the Feishu sharing behavior disclosed rather than hidden.

Install this only if you want an agent to OCR uploaded exam images and produce Word or Feishu outputs. Before using the Feishu path, confirm the destination and review the recognized text and answers because that content may be stored or shared outside the chat.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill instructs sending generated DOCX files and Feishu table links externally, but it does not require explicit user confirmation, disclose that extracted image content will leave the current environment, or impose any data-sensitivity checks. Because the workflow processes uploaded images that may contain student data, school information, or copyrighted materials, silent transmission to Feishu creates a real privacy and data-handling risk.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal