Security audit

Chinese Silk Essay - 绫罗绸缎的历史

Security checks across malware telemetry and agentic risk

Overview

This skill is a Chinese essay-planning and research guide, with only a factual-quality concern around inconsistent Wikipedia source-priority guidance.

Safe to install for essay planning and research. Treat its Wikipedia guidance carefully: prefer museum, academic, and primary sources for important facts, and use Wikipedia only for orientation or cross-checking.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Intent-Code Divergence

Medium
Confidence: 90%
Finding
The skill gives contradictory source-priority instructions: the retrieval section says Wikipedia is only auxiliary and not authoritative, while the validation checklist requires 'Wikipedia 优先'. Conflicting directives can cause the agent to privilege weaker sources, reducing factual reliability and making prompt behavior less predictable, though this is primarily an integrity issue rather than a direct security exploit.

VirusTotal

61/61 vendors flagged this skill as clean.
