AI公文写作助手

Security checks across malware telemetry and agentic risk

Overview

This is a Chinese official-document writing helper with no executable code, hidden data access, persistence, or privileged behavior.

Before installing, understand that this skill is meant for Chinese official-document drafting and polishing. Review generated documents for accuracy, policy compliance, confidentiality, and local formatting requirements before using them in official settings.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The example triggers are very broad natural-language requests such as asking to write or polish a document, with no clear activation boundaries or disambiguation. In an agent ecosystem, this can cause the skill to activate unintentionally for ordinary conversation, increasing the chance of overbroad routing, prompt hijacking opportunities, or inappropriate handling of content outside the intended scope.

Natural-Language Policy Violations

Medium

Confidence: 84% confidence
Finding: The description presents the skill as Chinese-language focused without indicating whether other languages are unsupported by design or whether users may choose a language. This can cause incorrect routing or poor user experience when non-Chinese prompts are matched to the skill, though it is primarily a policy/usability issue rather than a direct security exploit.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal