8 追加被执行人申请书生成器

Security checks across malware telemetry and agentic risk

Overview

This is a small, non-executable legal document helper with no evidence of hidden code, persistence, credential use, or data exfiltration.

Before installing, be aware that this skill may activate on broad debt-enforcement phrasing and that its self-labels such as CLEAN or NOT Suspicious are publisher claims, not legal or security guarantees. Review any generated court filing with a qualified legal professional before submitting it.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 86% confidence
Finding: The trigger list includes broad, colloquial phrases such as '公司没钱' and '终本后追索' that can match general legal or financial discussions rather than a clear request to use this specific skill. This can cause unintended activation in unrelated conversations, leading the agent to inject legal-enforcement workflow content or collect/process sensitive case details without the user explicitly requesting this tool.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal