Evidence Report

Security checks across malware telemetry and agentic risk

Overview

This is a Chinese-language report-template skill for fact-checking and does not request system access, credentials, code execution, persistence, or private data.

Safe to install as a structured fact-checking report aid. Users should be comfortable receiving reports in Chinese and should still review cited sources themselves, because the skill enforces a reporting format but cannot guarantee the factual correctness of the evidence gathered.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Natural-Language Policy Violations

Medium
Confidence: 95%
Finding
The skill mandates Chinese throughout its description, schema examples, and final reporting format without any mechanism to detect, preserve, or let the user choose their preferred language. In a multilingual agent system, this can degrade usability, cause misunderstandings of evidence and disclaimers, and reduce accessibility for users who cannot reliably read Chinese, especially in a fact-checking context where nuance matters.

VirusTotal

66/66 vendors flagged this skill as clean.