跨境标题生成器

Security checks across malware telemetry and agentic risk

Overview

This is a title-generation prompt skill with disclosed local memory use and no executable code, external API calls, or credential handling.

Install only if you are comfortable with local memory-based personalization. Avoid entering confidential product strategy, supplier data, or sensitive competitor research unless you are comfortable with that history being saved in memory/cross-border-history.md.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: The skill explicitly states it reads from the memory/ directory and writes generation history to memory/cross-border-history.md, but it does not disclose this persistence behavior to the user or describe consent, retention, or scope limits. This creates a privacy and data-governance risk because user inputs, preferences, and potentially commercially sensitive product research could be silently persisted across sessions.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal