Summarize information into a digest according to your requirements

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only web research skill that guides an agent to search public sources and write cited summaries, with no code execution or credential access.

Install if you want structured public web research summaries with citations. Review important cited claims yourself, and be aware that the skill may produce Chinese section headings unless your agent adapts the template.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 89%
Finding
The trigger description is broad enough to capture many generic requests for researching, collecting information, or producing summaries with sources. In a multi-skill agent, this can cause inappropriate routing, unexpected web access, or invocation when a narrower or safer skill would be more appropriate, increasing the chance of scope confusion and user-surprising behavior.

Natural-Language Policy Violations

Medium
Confidence: 81%
Finding
The template hard-codes Chinese section headings and labels as the mandatory output format, which can override user language expectations despite earlier guidance to match the user's language. This is dangerous mainly as a policy/compliance and usability issue: it can degrade output correctness, break downstream parsers expecting locale-specific formatting, and cause the skill to ignore user constraints.

VirusTotal

65/65 vendors flagged this skill as clean.
