Gr Community Ambassador

Security checks across malware telemetry and agentic risk

Overview

This is a markdown playbook for community and ambassador program operations, with no code, credentials, persistence, or hidden execution behavior.

Install this if you want a Chinese-first ambassador program playbook. Be aware that it may activate for broad community-growth prompts, and validate any marketing tactics such as social monitoring, reposting, and incentive programs against your community norms and platform rules.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 95% confidence
Finding: The trigger list contains broad, generic phrases such as "community building," "community management," and "user retention" that can match many ordinary user requests outside the narrow scope of this skill. This can cause the agent to invoke the skill in unintended contexts, overriding more appropriate behavior and increasing the chance of irrelevant, manipulative, or low-quality guidance being injected into conversations.

Natural-Language Policy Violations

Medium

Confidence: 84% confidence
Finding: The skill body defaults to Chinese presentation while only linking to other languages, without a clear mechanism to detect or request the user's preferred language before delivering content. In practice, this can lead to misinterpretation of guidance, reduced transparency, and accidental misuse when the agent activates the skill for users expecting another language.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal