产业-产业链分析与趋势研判工具

Security checks across malware telemetry and agentic risk

Overview

This skill is a public-source research workflow for evaluating company-university R&D partnerships, with no code execution, credentials, persistence, or local data access.

Safe to install from a security perspective. Users should be aware it may activate on broad enterprise or industry research requests, and its investment or due-diligence style conclusions should be verified against primary sources before making business decisions.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The trigger conditions are broad, natural-language descriptions that overlap with ordinary industry-analysis requests, so the skill may activate when the user did not explicitly intend to invoke it. This can cause incorrect tool routing, unintended processing of enterprise lists or regional context, and reduce user control over when structured analysis is performed.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal