Security audit

sichuan-cuisine-rd

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Sichuan cuisine R&D guidance skill with no evidence of hidden execution, data access, persistence, or harmful behavior.

Use this skill as advisory support for Sichuan food product development and compliance review. Verify food safety, labeling, additive, and process recommendations against current local regulations and qualified professionals before production, and avoid manually installing the included requirements.txt unless the publisher explains why those packages are necessary.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The trigger condition includes the open-ended phrase “或类似表述”, which can cause the skill to activate on loosely related food, cooking, or safety questions beyond its intended scope. In an agent system, over-broad invocation can lead to unintended authority, unsafe food-process guidance being surfaced in the wrong context, or the skill overshadowing more appropriate specialized skills.

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The trigger condition includes broad language like “或类似表述”, which can cause the skill to activate on loosely related requests rather than clearly scoped food R&D tasks. In an agent setting, ambiguous activation increases the chance of inappropriate routing, irrelevant guidance, or accidental use in contexts where regulatory or safety nuance matters.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal