Back to skill

Security audit

project-diagnosis-skill

Security checks across malware telemetry and agentic risk

Overview

This appears to be an instruction-only business diagnosis skill with no evidence of hidden code, credential access, persistence, or destructive behavior.

Install if you want Chinese-language business diagnosis guidance. Be aware it may be selected for broad business, product, sales, or growth questions, so users who need another language or a narrower specialist skill should choose accordingly.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
94% confidence
Finding
The activation description is very broad and can match a wide range of ordinary business, product, sales, and growth questions. In a skill-routing system, this can cause over-selection of this skill, crowding out more appropriate or safer specialized skills and leading to unintended prompt capture or policy drift across many benign requests.

Natural-Language Policy Violations

Medium
Confidence
84% confidence
Finding
The skill content is written entirely in Chinese and does not offer a user-language choice or document a justified locale restriction. This can create unsafe or degraded interactions when the platform or user operates in another language, increasing the risk of misunderstanding instructions, recommendations, or follow-up actions.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.