BBQ

Security checks across malware telemetry and agentic risk

Overview

This is a simple barbecue restaurant recommendation skill with no code, install scripts, credentials, or hidden system access.

Safe to install based on the provided artifacts. Use it as restaurant and route-planning guidance, and verify current opening hours, reservation rules, queue times, prices, and ratings before visiting.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The invocation description is broad enough to match general travel-planning requests, not just narrowly scoped '网红烧烤' recommendations. This can cause the skill to activate in contexts where users did not specifically intend to use it, leading to poor routing, irrelevant recommendations, and unnecessary exposure of the skill in unrelated conversations.

VirusTotal

60/60 vendors flagged this skill as clean.

View on VirusTotal