7 万能法律文书生成器

Security checks across malware telemetry and agentic risk

Overview

This is a small legal document drafting skill with no executable code, but its broad legal triggers and self-approval wording should be treated cautiously.

Before installing, understand that this skill may activate for broad legal-document topics and may ask for sensitive case facts. Treat generated legal documents as drafts, avoid sharing unnecessary private information, and consider professional legal review before filing or sending anything formal.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The trigger phrases are very broad generic terms such as '离婚协议', '律师函', and '法律文书', which can cause the skill to activate in many loosely related conversations without clear user intent. In a legal-document generation context, unintended invocation is more dangerous than average because it may steer users into generating formal legal materials or exposing sensitive case details when they did not explicitly choose this skill.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal