Back to skill

Security audit

Academic Paper Mentor

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a coherent academic writing mentor, with only a minor routing concern from broad trigger phrases.

Before installing, understand that this skill may activate on broad academic-writing prompts and may use web research and memory to help with papers. Review memory behavior if you will discuss unpublished research, private drafts, or sensitive academic data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
89% confidence
Finding
The trigger list contains very broad phrases such as “写论文”, “学术写作”, and “文献综述”, which are common requests that may appear in many unrelated contexts. This can cause unintended activation of the skill, leading the agent to invoke specialized academic-mentoring behavior when the user did not explicitly request it, reducing predictability and potentially exposing tool use or memory behaviors unexpectedly.

Vague Triggers

Medium
Confidence
87% confidence
Finding
The user-facing startup keywords repeat vague activation phrases like “写论文”, “研究框架”, and “帮我看看论文”, which are generic requests common across normal assistant usage. In a multi-skill environment, this increases the chance of accidental routing into this skill, causing overbroad interception of benign user requests and weakening user control over which behavior is applied.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal