Security audit

无痛get十年工作经验

Security checks across malware telemetry and agentic risk

Overview

This is a Chinese career-coaching skill that only reads its own reference files to help with role research, resumes, and interviews.

Install this if you want Chinese-language career guidance for the covered roles. Review resume and interview outputs carefully, replace templates with your real experience, and be aware the skill may trigger on broad career topics.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (3)

Vague Triggers

Medium

Confidence: 94% confidence
Finding: The trigger examples and metadata indicate activation on a very broad set of common career-related terms such as resume writing, interview prep, career planning, and several job titles. Overly broad routing can cause this skill to activate for many generic conversations, potentially crowding out more appropriate skills, producing irrelevant guidance, or increasing exposure to prompt/content conflicts in unrelated contexts. The skill context makes this somewhat more dangerous because the domain terms are common and ambiguous across many user intents.

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The trigger description is broad enough to activate on many ordinary career-related conversations, which can cause the skill to take over unexpectedly and steer responses using its own instructions and resources. In an agent setting, overbroad activation increases the attack surface for prompt/instruction interference and can degrade user intent handling even without malicious content.

Natural-Language Policy Violations

Medium

Confidence: 82% confidence
Finding: Mandating a Chinese communication style without offering a user-language fallback can cause the skill to ignore or override the user's preferred language, reducing transparency and usability. While this is not a direct code-execution risk, it can lead to incorrect assistance, user confusion, and unreliable operation in multilingual contexts.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal