Back to skill

Security audit

蒋道理|CNIPA商标驳回复审证据推理引擎(SJ-IRAC)

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only CNIPA trademark-refusal review skill whose sensitive legal-document inputs are expected for its stated purpose.

Install this only for CNIPA/PRC trademark refusal-review work. Provide the minimum necessary case details, redact nonessential personal or confidential information, verify deadlines and governing law, and have any filing-ready output reviewed before submission.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill explicitly requests refusal notices, trademark numbers, timelines, and evidence packets, which can contain confidential legal strategy, business plans, personal data, and unpublished branding information, but it provides no warning about sensitivity, minimization, or safe handling. In a legal workflow, users may over-disclose entire case files by default, increasing the risk of unnecessary exposure of privileged or commercially sensitive material.

Natural-Language Policy Violations

Medium
Confidence
95% confidence
Finding
The skill hard-codes a PRC trademark-agent role and mandates use of PRC Trademark Law (2019 Amendment) without an explicit scope gate or user-confirmed jurisdiction check. In a general agent ecosystem, this can cause the model to provide jurisdictionally incorrect legal guidance, producing filing-ready advice that may be inapplicable or misleading if the user’s matter is not actually China-specific.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.