Pdd Food Category Master

Security checks across malware telemetry and agentic risk

Overview

This is a markdown-only Pinduoduo food-store operations guide with broad activation wording but no hidden code, install hooks, or data access behavior.

Install only if you want a structured Pinduoduo food-category operations checklist. Treat its legal, tax, food-safety, complaint, and platform-enforcement guidance as advisory, verify against official rules or qualified professionals, and avoid granting file or terminal access unless a specific user-directed task requires it.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 95% confidence
Finding: The trigger list is very broad and includes common ecommerce terms such as food operations, traffic rescue, DSR improvement, complaints, and store throttling. This can cause the skill to activate in many ordinary discussions where the user did not request this specific skill, increasing the chance of inappropriate instruction injection, off-target guidance, or unintended tool use in unrelated contexts.

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The description says the skill activates when users mention a wide range of loosely bounded business topics, but it does not define clear activation limits. That ambiguity makes accidental invocation more likely and may route normal marketplace, legal, or compliance discussions into a highly specialized skill that presents itself as universally applicable and fully closed-loop.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal