Find Community

Security checks across malware telemetry and agentic risk

Overview

This is a markdown-only business coaching skill for finding target communities, with no code execution, data access, or persistence.

Install this if you want structured guidance for finding a business community. Be aware it may activate on broad startup-advice prompts and may need language-handling edits if used with non-Chinese users.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The trigger keywords and read conditions are broad enough to match many ordinary entrepreneurship queries, which can cause the skill to activate when the user did not specifically ask for this framework. This is primarily a scope-control and routing problem rather than a direct security exploit, but it can still steer conversations unexpectedly and reduce user control over assistant behavior.

Natural-Language Policy Violations

Medium

Confidence: 81% confidence
Finding: The skill is entirely authored in Chinese and does not provide any instruction to adapt to the user's preferred language, so it may respond in Chinese even when the surrounding conversation is in another language. This can cause user confusion, reduce transparency, and create unsafe misunderstanding in multilingual contexts, though it is not inherently malicious.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal