Prompt Master - 提示词工程精华版

Security checks across malware telemetry and agentic risk

Overview

This is a prompt-writing reference skill with no code or data access, though users should opt in carefully before enabling automatic system-prompt injection.

Install is reasonable if you want a compact prompt-engineering cheat sheet. Be cautious about enabling autoLoad or system-prompt injection globally, because it may make the agent apply these formatting and verification rules in conversations where you did not explicitly ask for them.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The trigger conditions are broad enough that the skill may activate during ordinary conversation without clear user intent, especially with phrases like asking how to get better AI answers or optional auto-load at session start. In prompt-injection-sensitive environments, unexpected activation can alter system behavior, inject extra instructions, or override task framing in ways the user did not request.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal