客观原则评价技能

Security checks across malware telemetry and agentic risk

Overview

This is a markdown-only design evaluation rubric with no code execution, data access, persistence, or hidden behavior.

Install it if you want a structured product or design critique framework. Be aware it may activate on broad review or opinion prompts, so clarify when you want a different kind of review.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The trigger list includes very broad everyday phrases such as "what do you think of," "review," and "怎么样," which can match many ordinary requests and cause the skill to activate when the user did not specifically want this evaluation framework. Unintended invocation can steer conversations into a fixed rubric, override more appropriate skills, and create confusing or policy-misaligned responses, especially in mixed-topic chats.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal