Back to skill

Security audit

律师办案六步法

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only legal analysis skill whose file saving and web-search behavior are disclosed and aligned with its report-generation purpose, though users should handle confidential matter data carefully.

Install this only if you are comfortable giving the agent case materials and having it save a Markdown report in the workspace. Prefer using /lawyer-six-steps, specify a safe output directory for confidential matters, avoid unnecessary client-identifying details in web searches, and independently verify all cited laws, cases, and conclusions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
The skill goes beyond analysis and instructs the agent to write a generated report file into the workspace by default. That creates an unintended side effect: sensitive legal matter summaries may be persisted to disk without an explicit user confirmation step, increasing the risk of data leakage, overwriting files, or storing confidential work product in an inappropriate location.

Vague Triggers

Medium
Confidence
94% confidence
Finding
The trigger phrases include very generic natural-language requests such as asking to analyze a case, which are likely to appear in ordinary legal-assistant conversations. In an agent skill system, this can cause accidental activation and unintended execution of the six-step workflow on sensitive legal inputs without an explicit user command boundary.

Vague Triggers

Medium
Confidence
96% confidence
Finding
The additional triggers listed here are short, common phrases such as '六步法', '帮我分析一个案件', and '案件预判', which are underspecified and can overlap with normal user intent rather than a deliberate request to invoke this specific skill. This creates an activation-boundary weakness where routine discussion may invoke the skill unexpectedly, potentially consuming sensitive case facts or steering the session into a predefined workflow.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The markdown explicitly directs the skill to write a report file and only return a short chat message, without requiring a clear warning or confirmation before persisting content. In a legal-analysis context, this is risky because the generated report may contain privileged, confidential, or inaccurate material that gets stored automatically and potentially exposed to other tools, users, or later workflows.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.