Back to skill

Security audit

Quiz Generator

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only quiz and questionnaire generator with no executable code, credentials use, network behavior, or persistence.

Safe to install from an agentic-security perspective. Use explicit prompts when invoking it, and treat generated psychology or mental-health quizzes as entertainment or self-reflection content, not diagnosis or medical advice.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The invocation examples are extremely broad natural-language phrases such as '生成一个心理测试' and '创建一个性格测试问卷'. Because they resemble ordinary conversation rather than a clearly namespaced command, they can cause accidental or overly eager invocation in unrelated chat contexts, leading the agent to generate quizzes when the user may simply be discussing the topic. In a skill that handles psychology/personality-related content, unintended activation can also produce misleading or sensitive-seeming assessment content without explicit user intent.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.