
Security audit

德胧思想领袖论坛v3.0

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed persona-simulation skill for internal brainstorming, with no evidence of hidden access, credential use, persistence, exfiltration, or destructive behavior.

Install only if you want an internal brainstorming tool that simulates public figures. Keep the AI-simulation labels, do not publish outputs as real statements, avoid pasting confidential meeting notes unless appropriate for your agent environment, and ask for sources or explicit confirmation before any supplemental search.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Severity: Medium
Confidence: 75%
Finding
The instruction that the system may '自行搜索补充' ("search on its own to supplement") background information introduces a data-ingestion path inconsistent with the claimed controlled simulation format. If the agent is allowed to fetch untrusted external content, that content can influence outputs, weaken the promised labeling/compliance boundary, and potentially import prompt injection or misinformation into simulated persona responses.

Vague Triggers

Severity: Medium
Confidence: 80%
Finding
Overly broad trigger phrases increase the chance of accidental or premature activation during ordinary conversation. In a skill that simulates named public figures and may generate authoritative-sounding advice, unexpected activation can cause misleading outputs, reputational harm, or unintentional processing of sensitive meeting content under the wrong mode.

Vague Triggers

Severity: Medium
Confidence: 82%
Finding
An ambiguous automatic activation condition for common phrases like '讨论' ("discuss") creates unsafe mode switching and makes it easier to trigger the skill unintentionally. Given the context (simulated executives/investors and discussion of internal strategy), misactivation can produce fabricated viewpoints attributed to real people or ingest sensitive context without the user clearly opting into that behavior.

VirusTotal

66/66 vendors flagged this skill as clean.


Static analysis

No suspicious patterns detected.