外贸业务全能助手

Security checks across malware telemetry and agentic risk

Overview

This is a read-only foreign-trade template skill with no code execution, credentials, system access, or hidden data handling.

Install this if you want reusable foreign-trade templates and operational checklists. Treat contract, customs, payment, and dispute content as general drafting help, not legal, tax, sanctions, or compliance advice; have high-value or regulated transactions reviewed by qualified professionals.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The skill description is broad enough to match many normal foreign-trade assistance requests, which can cause the skill to activate outside a narrowly intended scope. Over-broad activation increases prompt injection and unintended tool-selection risk because generic business queries may be routed into this skill even when a more appropriate or safer skill should handle them.

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The workflow trigger '当外贸从业者需要帮助时' is vague and effectively says to activate whenever a foreign-trade user needs help. This lack of boundaries can lead to over-triggering, accidental takeover of conversations, and unsafe handling of adjacent topics like legal interpretation, customs compliance, or financial decisions without proper constraints.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal