Character Intro

Security checks across malware telemetry and agentic risk

Overview

This is a simple character-profile helper; its main issue is possible over-broad activation or forced Chinese Markdown style, not hidden data access or harmful behavior.

Install this if you want structured character or person introductions. Be aware it may trigger on broad phrases like “介绍” or “是谁,” and it may prefer Chinese Markdown output unless your agent or prompt overrides that behavior.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The skill description advertises broad trigger phrases such as “介绍 / 是谁 / 背景故事,” which are common in normal conversation and can cause the router to invoke this skill when the user did not explicitly request a structured character-profile workflow. Over-broad activation increases the chance of unintended web search, irrelevant takeover of general queries, and instruction conflicts with the user’s preferred format or language.

Natural-Language Policy Violations

Medium

Confidence: 82% confidence
Finding: The skill mandates Markdown, emoji, and a Chinese-centric output style regardless of user preference. While not a direct security exploit, this can override user/system intent, reduce controllability, and create prompt-routing side effects where the skill imposes formatting or language constraints that are not appropriate for the request.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal