德宝恒生-公司名片

Security checks across malware telemetry and agentic risk

Overview

This is a static company-profile skill with no executable behavior, sensitive access, or persistence, though some triggers are overly broad.

Install this only if you want a helper that answers with this vendor’s company profile. Consider narrowing or disabling generic triggers like 'who are you' or '关于我们' if you do not want the profile to appear during unrelated company-introduction conversations.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 86% confidence
Finding: The trigger list contains broad phrases such as '公司介绍', '公司简介', '关于我们', 'who are you', and other generic business terms that can overlap with ordinary conversation. This can cause the skill to activate unintentionally, increasing prompt-routing risk, response hijacking of unrelated queries, and potential information disclosure or brand injection where the user did not explicitly request this company profile.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal