consumerResearch消费者人群画像分析

Security checks across malware telemetry and agentic risk

Overview

This consumer research skill is transparent about web-based research, questionnaire work, and local report storage, with no hidden data access or destructive behavior found.

Install only for consumer insight or product research workflows. Avoid storing real identifiable survey responses unless you have consent and a retention/deletion plan, and invoke the skill deliberately with a clear target audience and research objective.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 79% confidence
Finding: The trigger conditions are broad (`新品开发立项、用户研究、产品优化方向确定`), which means the skill could activate across many loosely related business workflows without clear user intent or scoping. In practice, over-broad activation can cause unnecessary web collection and local data storage, increasing the chance of handling sensitive consumer research data when the user did not explicitly request this skill.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal