Security audit

ai-high-quality-briefing

Security checks across malware telemetry and agentic risk

Overview

This appears to be a low-risk briefing/writing skill with minor usability and routing concerns, not a security threat.

Install if you want Chinese-language AI/tech/global-expansion briefings. Before relying on it, check whether the skill lets users override language and whether its trigger wording is narrow enough for your workflow.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The skill description is broad enough to match generic research, summarization, and writing tasks well beyond AI/technology/global-expansion briefings. In agent routing systems, this can cause inappropriate auto-invocation, leading the skill to override more suitable skills, pull in unnecessary web research behavior, or produce outputs in an unintended format/domain.

Natural-Language Policy Violations

Medium

Confidence: 82% confidence
Finding: The skill mandates Chinese output regardless of user preference, which can conflict with user intent, downstream system expectations, or workflows requiring another language. While not a classic security exploit, hard-coded language constraints can cause policy bypass-like behavior in multi-locale environments by returning unusable content or interfering with correct task handling.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal