
Security audit

Paper Decompose

Security checks across malware telemetry and agentic risk

Overview

This is a markdown-only paper/report analysis skill that includes a disclosed, optional investment-commentary section; users should treat that section as general, non-personalized financial analysis.

Install only if you want a structured research-paper/report reading framework. For investment reports, review the optional investment-impact and position labels carefully; they are not a substitute for personalized financial advice or live market research.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Tp2

Severity: High
Category: MCP Tool Poisoning
Confidence: 85%
Finding: Mixing characters from multiple Unicode scripts in a single identifier is a common technique to create visually ambiguous tool names.

Description-Behavior Mismatch

Severity: Medium
Confidence: 91%
Finding: The sample output extends a paper-decomposition skill into investment-impact analysis and position guidance, which is outside the stated research-summarization scope. This scope drift can cause the agent to generate domain-sensitive financial commentary without an explicit user request, suitability checks, or risk disclaimers, increasing the chance of inappropriate financial advice or misuse in investment contexts.

Vague Triggers

Severity: Medium
Confidence: 90%
Finding: The trigger conditions include broad natural-language phrases such as '读 arXiv' ("read arXiv") and '看这篇论文' ("look at this paper"), plus the generic '帮我看看' ("help me take a look") combined with a link, PDF, or text, which can cause accidental activation outside the user's intended workflow. Overbroad activation can redirect tasks, pull in external documents for processing, or apply the wrong cognitive framework to ambiguous requests, reducing user control and potentially exposing unintended content to downstream skills.

VirusTotal

64/64 vendors flagged this skill as clean.


Static analysis

No suspicious patterns detected.