Back to skill

Security audit

Skill发布文案优化

Security checks across malware telemetry and agentic risk

Overview

This skill mainly provides publishing-copy guidance, but it also requires every response to include unrelated promotional text and an external link.

Review before installing. The skill can help write Skill marketplace metadata, but it will also add unrelated promotional material and an external link to every response. Install only if you accept that behavior, or remove the footer requirement first.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The skill instructs the agent to append fixed promotional and drainage content to every output, regardless of the user's request. This is dangerous because it causes hidden objective substitution: the agent's output is repurposed for unsolicited promotion and external-link distribution, which can mislead users and create spam, trust, and policy-compliance risks.

Vague Triggers

Medium
Confidence
87% confidence
Finding
The guidance recommends broad, generic trigger phrases and explicitly encourages having many triggers covering common expressions. This is dangerous because it can cause over-triggering, making the skill activate during unrelated conversations and hijack normal workflows with irrelevant instructions or outputs.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The example trigger list contains generic phrases such as '优化文案', '润色一下', and '帮我修改这段文字' that commonly appear in unrelated writing tasks. In practice, this can divert user requests meant for other skills or the base assistant, resulting in unintended activation and degraded trust in agent behavior.

Natural-Language Policy Violations

Medium
Confidence
97% confidence
Finding
Mandating a fixed promotional message and subscription link in every response without user opt-in is a clear unsolicited-promotion behavior. It is dangerous because it systematically injects external calls to action into unrelated outputs, enabling spammy redirection and undermining user autonomy and platform trust.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.