Character Sheet

Security checks across malware telemetry and agentic risk

Overview

This skill is a narrow character-sheet prompt helper with no executable code, persistence, credentials, or hidden data access.

Installers should understand that this skill may activate on broad character-design phrases, but its disclosed behavior is limited to generating structured character reference prompts and it does not appear to access private data or modify the environment.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 86% confidence
Finding: The trigger phrases include very common terms like '画角色' and '人物设计', which can easily appear in ordinary user requests and cause unintended activation of the skill. Over-broad triggering can route benign conversations into this workflow unexpectedly, leading to incorrect tool behavior, prompt hijacking opportunities through misrouting, or degradation of user control over which skill is used.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal