Prompt Generator Pack

Security checks across malware telemetry and agentic risk

Overview

This is a markdown-only prompt template pack, with no code execution, credential access, network behavior, or persistence.

Install this if you want Chinese-language prompt templates. Invoke it explicitly by name to avoid accidental activation, and be aware that some advertised template categories appear incomplete in this version.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The activation phrases are very broad natural-language requests like “用 xxx 模板” and “给我一个 xxx Prompt”, which can easily overlap with ordinary user conversation and cause the skill to trigger unintentionally. This can lead to prompt injection of unrelated behavior into normal interactions, reduce user control, and make it easier for downstream instructions in the skill pack to influence conversations when the user did not explicitly intend to invoke the skill.

Natural-Language Policy Violations

Medium

Confidence: 76% confidence
Finding: The skill content and usage guidance are presented only in Chinese, with no indication that the assistant should adapt to the user's language. This is not a direct security exploit by itself, but it can cause user misunderstanding about what the skill does or when it activates, which slightly increases the risk of accidental invocation and weakens transparency and informed consent.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal