短剧本生成器

Security checks across malware telemetry and agentic risk

Overview

This is a simple short-drama writing skill with no executable code or data access; the only notable issue is broad trigger phrasing.

Before installing, understand that a generic request to write a script may produce this short-video script format. Review generated scripts and any prompts before using them with third-party video tools, especially if they include private details.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The skill description and example triggers are broad enough to match common creative-writing requests such as '写个剧本' or '帮我做个短剧', which can cause the router to invoke this skill in situations where a more specific or safer skill should handle the request. Over-broad routing increases the risk of unintended activation, misclassification, and prompt-context capture across unrelated user intents.

VirusTotal

57/57 vendors flagged this skill as clean.

View on VirusTotal