KAM Qianlu Documentation Standard

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only skill for checking Qianlu business spreadsheet headers, filenames, terminology, and related workflow rules.

Reasonable to install as a reference skill. Use it for Qianlu inquiry-side spreadsheet standards, and only approve any filebrowser upload when you intentionally want that spreadsheet transferred and understand the destination and permissions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium (89% confidence)
Finding
The skill metadata advertises very broad triggers such as header naming, document verification, comparison matrices, subsystem boundaries, and filebrowser interactions without clear activation constraints or scoping rules. In an agent setting, this can cause the skill to be invoked in unrelated contexts, increasing the chance of unintended file handling, overbroad authority, or policy bleed into tasks that should not use this skill.

Natural-Language Policy Violations

Medium (84% confidence)
Finding
The description is written entirely in Chinese and frames behavior around Chinese-language terminology and workflows without indicating language negotiation or fallback. This can steer the agent into responding in Chinese or applying locale-specific assumptions even when the user did not request that, which is a safety and usability issue because it may mis-handle instructions or reduce user comprehension.

VirusTotal

65/65 vendors flagged this skill as clean.
