产品经理认知跃迁教练

Security checks across malware telemetry and agentic risk

Overview

This appears to be a low-risk coaching skill with no evidence of file access, credential use, persistence, or hidden execution.

Install if you want Chinese-language PM or career coaching. Be aware it may be invoked for broad advice-style prompts, so review whether its language and coaching scope match your intended use.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The trigger scope is broad enough to activate on generic requests for confusion, career advice, or product problems, which increases the chance the skill will intercept ordinary conversations outside a narrowly defined PM-coaching context. That can cause misrouting, over-application of the skill persona, and unintended coaching behavior when the user did not explicitly ask for this specialized workflow.

Natural-Language Policy Violations

Medium

Confidence: 84% confidence
Finding: The skill content is entirely in Chinese and presents a fixed interaction style without offering a language-choice mechanism. While not directly unsafe in the classic security sense, this can cause user-intent mismatch, misunderstanding of guidance, or exclusion of users who interact in another language, especially if the system auto-invokes the skill.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal