Security audit

中文营销全栈Skills

Security checks across malware telemetry and agentic risk

Overview

This is a text-only Chinese marketing writing guide with no executable code, credential handling, persistence, or hidden data access.

Install this if you want Chinese marketing copywriting and platform-specific content templates. Be aware it may activate on broad marketing terms, and review generated advertising or growth claims for accuracy and legal compliance before publishing.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The trigger list includes broad marketing terms such as "SEO", "转化率", and "涨粉" that can match many normal user requests and cause the skill to activate when the user did not specifically intend it. In an agent ecosystem, over-broad activation can route unrelated prompts into this skill, increasing the chance of inappropriate behavior, prompt collisions, or accidental exposure of skill-specific instructions.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.