Back to skill

Security audit

Processize

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a product-validation guidance skill, with only a minor risk that broad trigger phrases could activate it in unrelated chats.

Install if you want help validating product ideas and planning MVP delivery. Be aware it may trigger from broad Chinese phrases like “怎么开始”; if that becomes distracting, narrow or disable the trigger criteria.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger list includes broad, everyday phrases such as '怎么开始' that can match many unrelated user requests, increasing the chance this skill activates outside its intended scope. Over-broad activation can cause unintended instruction injection into unrelated conversations, reducing system reliability and potentially steering users into irrelevant workflows.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.