品牌定位

Security checks across malware telemetry and agentic risk

Overview

This is a simple brand-positioning guidance skill with no executable code, hidden behavior, or unusual access requests.

Safe to install as a business-guidance skill. When applying it to real projects, use approved data sources and follow your organization’s privacy, compliance, and platform rules for any dashboard or knowledge-base work.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The invocation description is broad enough that an agent may call this skill for loosely related branding, strategy, or marketing tasks without a clear trigger boundary. That can cause inappropriate skill selection, scope creep, and accidental use of any embedded guidance or downstream resources in contexts the author did not intend, though this file itself contains no overtly malicious instructions.

VirusTotal

57/57 vendors flagged this skill as clean.

View on VirusTotal