Ecom Intel

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed iflow knowledge-base assistant that handles user-directed uploads, searches, generation, sharing, and knowledge-base management.

Install only if you intend to use iflow as an external knowledge-base service. Be aware that uploaded files, pasted notes, URLs, searches, and generated outputs may be sent to or stored in iflow, and sharing a knowledge base exposes a read-only snapshot of its files and outputs.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 84% confidence
Finding: The trigger phrase '帮我深度研究一下 [研究对象]' is very broad and overlaps with normal conversation, which can cause unintended invocation of the skill in unrelated contexts. In an agent environment, overbroad activation can route sensitive or unrelated user requests into this skill, causing privacy leakage, incorrect tool usage, or confusing behavior.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal