Security audit

Ai Astrochemistry

Security checks across malware telemetry and agentic risk

Overview

This is a plain educational astrochemistry skill with no executable code or sensitive access.

Install if you want Chinese-language astrochemistry reference material. Be aware it may activate for broad molecule, comet, or life-origin questions and may answer in Chinese unless your agent overrides language behavior.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The invocation examples are extremely broad and do not constrain scope, which can cause the orchestration system to activate this skill for loosely related prompts about molecules, chemistry, comets, or life origins. Over-broad activation increases the chance of routing users into a domain-specific skill when they did not ask for it, producing irrelevant or misleading answers and creating prompt-surface for unintended behavior.

Natural-Language Policy Violations

Medium

Confidence: 80% confidence
Finding: The description hard-codes Chinese-language output without indicating that language should follow user preference or locale. This can cause incorrect skill selection or poor user experience for non-Chinese users, and in multi-skill systems it may override user intent or make outputs inaccessible.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.