Security audit

sichuan-cuisine

Security checks across malware telemetry and agentic risk

Overview

This skill is a Sichuan food product development reference skill with no executable behavior or data-access instructions found.

Use this as planning guidance for Sichuan cuisine R&D and food-safety review, but verify regulations for the relevant jurisdiction and do not install the included requirements.txt unless you have a separate, clear need for those packages.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The trigger condition includes broad catch-all phrasing such as '或类似表述', which can cause the skill to activate for loosely related requests. In an agent environment, over-broad invocation can route users into a specialized workflow unexpectedly, increasing the chance of irrelevant advice, policy bypass through misrouting, or unsafe reliance on domain-specific guidance outside intended scope.

Vague Triggers

Medium

Confidence: 87% confidence
Finding: The trigger condition includes “或类似表述” without defining scope or exclusion rules, which can cause the skill to activate on loosely related food, cooking, compliance, or process questions. In an agent setting, ambiguous activation increases the chance of inappropriate routing, overbroad advice, or the model providing specialized food-safety/process guidance when the user did not explicitly request it.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal