Back to skill

Security audit

Popeye Writing

Security checks across malware telemetry and agentic risk

Overview

This is a simple Chinese writing assistant made of markdown templates, with no code execution or special access requested.

Install only if you want Chinese-language help drafting titles, marketing copy, and emails. Be aware that common phrases like “写文案” or “写邮件” may invoke it, and review generated marketing claims or email content before sending or publishing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
95% confidence
Finding
The trigger phrases "写文案" and "帮我写文案" are very generic and likely to appear in normal conversation, making accidental invocation and prompt routing conflicts more likely. In an agent environment, overly broad triggers can cause this skill to activate when the user intended a different capability, leading to incorrect handling of requests, context leakage between skills, or bypass of more appropriate workflows.

Vague Triggers

Medium
Confidence
87% confidence
Finding
The phrase "帮我写邮件" is still broad and conversational, so it can overlap with ordinary requests rather than serving as a precise skill invocation boundary. This ambiguity can lead to accidental activation and unreliable routing behavior, especially in systems with multiple writing-related skills.

Vague Triggers

Medium
Confidence
87% confidence
Finding
The phrase "帮我写邮件" is still broad and conversational, so it can overlap with ordinary requests rather than serving as a precise skill invocation boundary. This ambiguity can lead to accidental activation and unreliable routing behavior, especially in systems with multiple writing-related skills.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.