persona-simulator

Security checks across malware telemetry and agentic risk

Overview

This is a text-only persona roleplay skill with no code execution, data access, credentials, or persistence.

Install this for casual persona or roleplay conversations. For factual, high-stakes, or out-of-character answers, explicitly ask the assistant to leave the persona and use your preferred language.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium (90% confidence)

Finding: The skill description activates on very broad phrases such as '以XX风格回答' (answer in the style of XX), '角色扮演' (role-play), and '模拟人格' (simulate a persona). These are common conversational requests, so the skill can trigger when the user did not intend a persistent persona mode. This can override normal assistant behavior, increase prompt-routing ambiguity, and make later safety handling less predictable, because the assistant is instructed to remain in character for the rest of the conversation.

Natural-Language Policy Violations

Medium (78% confidence)

Finding: The skill content is entirely Chinese-centric and defaults to that behavior without offering a language choice, which can create mismatches with user intent and cause the assistant to continue in an unintended language. While not a classic security flaw, forced language behavior can degrade transparency, hinder the user's understanding of safety-relevant output, and increase the chance of miscommunication during sensitive interactions.

VirusTotal

65/65 vendors flagged this skill as clean.