Security audit

Table Specification

Security checks across malware telemetry and agentic risk

Overview

This appears to be an educational exam-blueprint skill with routing and language-scope concerns, but no evidence of harmful access, persistence, credential use, or hidden execution.

Install this if you want a Chinese-oriented exam blueprint/table workflow. Review the trigger wording if you use many education skills, because it may activate for broad exam-creation prompts; specify your preferred language and task scope when using it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

High
Confidence: 96%
Finding
The skill description mandates activation for very broad phrases such as generic requests to create an exam, which can cause this skill to intercept ordinary user intents even when the user did not ask for a blueprint/table workflow. In an agent system, overly broad routing increases the chance of misfires, unnecessary document loading, and instruction shadowing that can override more appropriate skills or direct model behavior without clear user consent.

Natural-Language Policy Violations

Medium
Confidence: 88%
Finding
The skill description is written as Chinese-first and does not offer user language choice, which can force outputs or interaction patterns inconsistent with the user's locale or accessibility needs. While not directly code-execution dangerous, hard-coded locale behavior can cause user confusion, reduce transparency, and increase the likelihood that the system follows skill defaults rather than user intent.

VirusTotal

56/56 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.