Back to skill

Security audit

国创赛指南-中国国际大学生创新大赛参赛助手

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only Chinese competition guidance skill with no executable code, hidden data access, persistence, or credential handling.

This appears safe for general competition guidance. Before using PPT generation, make sure the separate pptx skill is one you trust, and avoid sharing unnecessary sensitive business, financial, or personal team information.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Natural-Language Policy Violations

Medium
Confidence
91% confidence
Finding
The manifest description, headings, workflow prompts, and all example interactions are written entirely in Chinese and present the skill as operating in Chinese by default. Because the file does not state that users may choose another language or that the Chinese-only scope is required for a region-specific compliance reason, this creates a natural-language locale policy concern.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.