
Security audit

Concept Anatomy

Security checks across malware telemetry and agentic risk

Overview

This is a text-only learning framework for analyzing concepts, with no evidence of code execution, data access, persistence, or exfiltration.

Install this if you want a structured Chinese-language framework for deeply analyzing concepts. Prefer using the explicit /concept-anatomy or 八维度 phrasing when you want it, because generic learning phrases may otherwise route ordinary questions into this longer format.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Tp2

Severity: High
Category: MCP Tool Poisoning
Confidence: 85%
Finding: Mixing characters from multiple Unicode scripts in a single identifier is a common technique to create visually ambiguous tool names.

Vague Triggers

Severity: Medium
Confidence: 91%
Finding: The trigger set includes broad everyday phrases like '搞懂' (roughly "figure out") and '学懂' (roughly "learn and understand"), which can match many benign user requests that are not asking for this specific skill. Overbroad activation can cause unintended invocation, prompt-routing mistakes, and context hijacking, where the assistant applies the wrong workflow to unrelated tasks.

Vague Triggers

Severity: Medium
Confidence: 94%
Finding: The activation table permits natural-language patterns such as '深入理解 [概念名]' (roughly "deeply understand [concept name]") and '我想了解 [概念名],但不只是定义' (roughly "I want to understand [concept name], but not just the definition"), which are broad enough to overlap with ordinary conversation. In an agent environment, this can lead to misrouting, accidental execution of the skill, and user-intent confusion, especially because the skill is designed as a high-priority conceptual framework.

VirusTotal

63/63 vendors flagged this skill as clean.


Static analysis

No suspicious patterns detected.