业绩评价分析 (Performance Evaluation Analysis)

Security checks across malware telemetry and agentic risk

Overview

This skill appears non-destructive, but it can present hardcoded mock retail performance numbers as real analysis.

Review before using this for real business decisions. It does not show malware-like behavior, but its results should be treated as demo or placeholder output unless the publisher replaces the hardcoded values with real, clearly sourced data and implements the advertised Benchmark analysis.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Severity: Medium
Confidence: 94%
Finding:
The skill metadata promises four-dimensional analysis including Benchmark, but the implementation never performs benchmark evaluation and instead injects a different weekend-only dimension. This is a security-relevant integrity issue because users and downstream agents may trust the output as a complete comparative assessment when it is materially incomplete and can drive incorrect business decisions.

Intent-Code Divergence

Severity: Medium
Confidence: 97%
Finding:
The docstrings state that the evaluators call other skills, but the functions return hard-coded simulated values instead. This creates deceptive output provenance: consumers may treat fabricated numbers as real analysis results, which is dangerous in an agentic system because it undermines trust boundaries and can silently propagate false operational conclusions.

Vague Triggers

Severity: Medium
Confidence: 86%
Finding:
The trigger phrases are broad enough to match ordinary business conversation, increasing the chance that the skill is invoked unintentionally. In this context, accidental activation could cause the agent to produce authoritative-looking performance judgments or diagnoses when the user did not explicitly request this analysis, creating integrity and workflow risks.

VirusTotal

64/64 vendors reported this skill as clean.

View on VirusTotal