Certificates

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a certificate-service guidance skill, with only a scope clarity issue around broad trigger examples.

This looks acceptable to install for certificate-related help, but users should treat it as guidance only: confirm official government requirements directly, avoid sharing identity documents or sensitive personal data unless the task clearly requires it, and prefer explicit certificate-related prompts so the skill is not invoked for unrelated questions.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The example trigger phrases are highly generic and include placeholders like '具体场景任务' and broad requests about '核心功能' and '最新玩法/优惠信息', which can match many unrelated user queries. In an agent-routing context, this increases the chance the skill is invoked for requests outside its intended scope, potentially causing inappropriate handling of sensitive certificate-related workflows or disclosure of misleading government-service guidance.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal