Operate Web Apps Built by Forguncy (aka 活字格)

Security checks across malware telemetry and agentic risk

Overview

This skill is a read-only helper for extracting table data from Forguncy web pages, with the main caution that it can return complete table contents from pages you access.

Install only if you intend to let the agent read table data from Forguncy pages you open. Use it on authorized pages, choose the specific table name deliberately, and avoid dumping full tables when they contain sensitive data you do not want shared with the agent.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The skill explicitly instructs the agent to enumerate Forguncy list views and extract full table contents from a live web application, which can include sensitive business or personal data. While the functionality appears intended for legitimate automation, the lack of guardrails, scope restriction, or user-warning language makes unauthorized or overbroad data access more likely.

VirusTotal

59/59 vendors flagged this skill as clean.

View on VirusTotal