Security audit

PsyVector pv24

Security checks across malware telemetry and agentic risk

Overview

This is a Chinese negotiation and partnership-advice persona skill with no evidence of hidden code, credential access, persistence, or destructive behavior.

Install this if you want a Chinese-language partnership and negotiation persona. Be aware that common words like cooperation, resources, negotiation, win-win, or interests may trigger the persona unexpectedly; use the listed exit phrases to return to normal mode, and avoid sharing confidential business details unless you intend the agent to use them for negotiation analysis.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 95% confidence
Finding: The trigger words are generic business terms like “合作”, “资源”, “谈判”, and “利益”, which are common in normal user conversations. This makes accidental activation likely, causing the agent to enter a persuasive negotiation persona in contexts where the user did not explicitly request it, increasing the risk of unintended behavior and prompt-routing collisions.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal