Back to skill

Security audit

Fifteenth Plan Agent

Security checks across malware telemetry and agentic risk

Overview

This skill is a narrow research assistant for Chinese five-year-plan policy documents and does not include executable code, hidden persistence, credential use, or destructive behavior.

Install this if you want help researching and comparing Chinese five-year-plan materials. Check that responses cite official sources and treat hardcoded or not-yet-official 15th-plan claims as provisional unless the agent verifies them from current authoritative sources.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
90% confidence
Finding
The trigger keywords are generic topical terms such as '十五五', '五年规划', '政策分析', and '经济数据', which are broad enough to match many unrelated user requests. This can cause unintended invocation of the skill in contexts where the user did not explicitly request it, increasing the chance of inappropriate data collection, overreach, or confusing responses in policy- or government-related conversations.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.