Trademark Information Inquiry - 商标信息查询

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward trademark lookup skill that sends user-provided search terms to a disclosed third-party API using the user's JisuAPI key.

Install only if you are comfortable sending trademark search terms and identifiers to JisuAPI under your own AppKey. Avoid using it for confidential brand research unless JisuAPI's privacy, retention, and billing terms are acceptable.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 84% confidence
Finding: The activation text uses broad wording such as 'or similar trademark questions,' which can cause the agent to invoke this skill for loosely related prompts and transmit user queries to a third-party API unexpectedly. Overbroad routing increases privacy and consent risk because users may not realize their input will leave the system for external processing.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The markdown documents a third-party trademark API but does not clearly warn that user search terms and lookup parameters will be transmitted to an external provider. This is a real privacy/transparency issue because trademark queries can contain sensitive business plans, brand names, or investigatory intent.

VirusTotal

61/61 vendors flagged this skill as clean.

View on VirusTotal