Popeye Business

Security checks across malware telemetry and agentic risk

Overview

This is a Chinese business-writing skill made of Markdown templates, with no evidence of system access, data exfiltration, or unsafe automation.

Install it if you want a Chinese-language business drafting assistant. Review generated market data, competitor claims, financial projections, and marketing recommendations before using them for real business decisions.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 93% confidence
Finding: The trigger phrase "帮我分析竞品" is broad and can overlap with ordinary conversational requests, which increases the chance this skill activates when the user did not explicitly intend to invoke a structured competitive-analysis workflow. In a business assistant context this is not directly security-critical, but unintended activation can cause prompt routing errors, inappropriate data collection, or leakage of user context into a more specific analysis template than expected.

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The trigger phrase includes very generic terms like “营销策划” and “帮我做营销方案”, which can easily overlap with ordinary user requests rather than an explicit skill invocation. This can cause unintended routing or activation of the skill, leading to prompt hijacking of normal conversations and reducing the system’s ability to respect user intent or safer/default handling paths.

VirusTotal

55/55 vendors flagged this skill as clean.

View on VirusTotal