蒋道理｜CNIPA商标驳回复审证据推理引擎（SJ-IRAC）

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only CNIPA trademark-refusal review skill with no code execution, credentials, persistence, or hidden data movement.

Install only if you intend to use it for CNIPA trademark refusal review. Provide only necessary case materials, verify deadlines and governing law, and have any submission-ready output checked by a qualified trademark professional before filing.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Natural-Language Policy Violations

Medium

Confidence: 89% confidence
Finding: The skill hard-codes application of PRC Trademark Law (2019 Amendment) unless the case explicitly requires otherwise, but it does not require the user to confirm jurisdiction, governing law, or temporal scope up front. In a filing-grade legal drafting skill, this can silently misframe advice for non-PRC matters or edge cases involving different effective-law periods, producing authoritative but legally inapplicable output.

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The workflow defines internal stages and control logic, but it does not state explicit activation conditions, authorized inputs, user roles, or hard boundaries for when the skill should refuse to operate. In an agent setting, this ambiguity can let the skill be invoked on incomplete, out-of-scope, or adversarially framed legal matters, causing unsafe or misleading legal-document generation with unwarranted confidence.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal