Cn Email Template

Security checks across malware telemetry and agentic risk

Overview

This skill is a local Chinese business email template generator and does not show evidence of sending email, collecting data, persistence, or hidden system access.

Install only if you want a Chinese business email draft generator. It does not appear to send messages or access private data, but its outputs are automatically generated and should be reviewed for accuracy, tone, recipient, and sensitive business details before sending.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The skill describes broad email-generation capabilities but does not define clear activation constraints, allowed inputs, or trigger boundaries. In an agent setting, this can cause the skill to activate too broadly or on ambiguous prompts, leading to unintended generation of business communications, prompt hijacking through loosely scoped inputs, or misuse in contexts the user did not explicitly request.

Natural-Language Policy Violations

Medium

Confidence: 88% confidence
Finding: The skill is explicitly scoped to Chinese business email output without indicating that the user must opt in to that language. In an agent workflow, forced language behavior can override user preferences or system context, causing miscommunication, failed task completion, or unintended disclosure if messages are generated in the wrong language for the recipient.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal