prompt-bozo

Security checks across malware telemetry and agentic risk

Overview

This is a prompt-writing skill for AI image and video generation, with no evidence of hidden execution, data access, persistence, or destructive behavior.

Safe to install for Chinese AI image/video prompt generation. Be aware that it may load Chinese-style guidance on broad terms like dynasty names or ancient-style keywords, so check the output if you were only discussing those topics rather than asking for a creative prompt.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The trigger list is broad and includes generic, commonly used terms such as '中国风', '古风', and dynasty names, which can cause the reference file to load in contexts where the user did not intend to request this specialized skill behavior. In an agent system, overly permissive activation can lead to unintended prompt shaping, context contamination, or misrouting, reducing reliability and potentially influencing downstream outputs in ways the user did not request.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal