软件项目开发规划助手

Security checks across malware telemetry and agentic risk

Overview

This skill is a simple project-planning interview template and does not request credentials, run code, or access files beyond its bundled template.

Reasonable to install for software project planning. Be aware it may activate on broad planning phrases and may ask a fixed sequence of questions; avoid sharing confidential project details unless you are comfortable including them in the chat.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The skill’s activation guidance includes broad phrases such as 'help me plan,' 'design a system,' and 'start a new project,' which can match many ordinary user requests outside the intended scope. This can cause the wrong skill to be invoked, leading to unintended requirement-harvesting behavior and potentially steering users into a rigid multi-turn workflow when another skill or a direct answer would be more appropriate.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal