企业-新品全网口碑舆情测算

Security checks across malware telemetry and agentic risk

Overview

This skill is a public web research and sentiment-analysis helper for new product reputation, with no executable code or privileged access.

Install only if you are comfortable with a Chinese-language workflow. Because the skill summarizes public reviews and market sentiment, verify citations and sample sizes before using its conclusions for business decisions.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Natural-Language Policy Violations

Medium

Confidence: 94% confidence
Finding: The skill description and trigger text are entirely in Chinese and do not provide any language selection or fallback behavior. This can cause users or upstream agents to invoke a skill they cannot understand, leading to mis-scoped execution, misunderstanding of capabilities, and reduced ability to notice unsafe or misleading behavior before tool use.

Natural-Language Policy Violations

Medium

Confidence: 96% confidence
Finding: The required output schema mandates Chinese section headers and implicitly forces Chinese responses regardless of the user's locale. This creates a usability and security risk because users may be unable to verify sources, challenge conclusions, or detect fabrication and overreach, especially in a skill that performs web search and sentiment synthesis from many external sources.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal