Back to skill

Security audit

Software Quotation Skill

Security checks across malware telemetry and agentic risk

Overview

This is a coherent software quotation-writing skill with no evidence of credential access, persistence, destructive behavior, or hidden data collection.

Install only if you want a Chinese-language assistant for software project quotations. Review all generated estimates and contract terms before sending them to clients, and avoid opening or sharing generated HTML with sensitive client data unless you are comfortable with the cdnjs-hosted PDF export libraries or replace them with trusted local copies.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
88% confidence
Finding
The skill description uses very broad trigger phrases such as '帮我做一份报价', '帮我分析工作量', and related natural-language variants, which can overlap with ordinary conversation and cause the skill to activate when the user did not explicitly intend to invoke it. In an agent environment, this can lead to misrouting, unintended workflow execution, and generation of authoritative-looking outputs based on incomplete context.

VirusTotal

61/61 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.