Action Director

Security checks across malware telemetry and agentic risk

Overview

This appears to be a language and formatting skill for Chinese action-scene/video prompt generation, with no evidence of data access, commands, persistence, or hidden behavior.

Install this if you want a Chinese-language action-scene prompt formatter. Be aware it may steer replies into a fixed Chinese format when broad action-related phrases are used; choose a narrower or configurable version if you need mixed-language behavior or more control over when it activates.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The trigger phrases are broad everyday terms such as '动作戏', '打斗', and '动作设计', which can match many ordinary creative requests and cause the skill to activate unexpectedly. Over-broad activation increases the chance of prompt interception or unintended behavioral override, especially because the skill imposes rigid output and formatting rules once triggered.

Natural-Language Policy Violations

Medium

Confidence: 84% confidence
Finding: The skill is written to enforce a Chinese-only interaction and output style without checking the user's preferred language or asking for consent. This can override user intent, degrade usability, and create instruction conflicts with a host system that expects language alignment, making accidental misexecution more likely when the skill triggers.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal