ZeeLin AI头部简讯

Security checks across malware telemetry and agentic risk

Overview

This skill only guides the agent to gather public AI news and research and turn it into Chinese briefings.

Install this if you want Chinese briefings about public AI news, papers, tools, and trends. Be aware it may browse public web sources when invoked, and use AI-specific prompts such as “AI周报” or “AI快讯” to avoid accidental activation for unrelated reports.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The skill description defines very broad activation conditions such as requests for AI news, weekly reports, and frontier updates, which can overlap with ordinary user conversation. This can cause unintended invocation of the skill, leading to context hijacking, unexpected browsing/tool use, or the model following this skill's workflow when the user did not explicitly request it.

Vague Triggers

Medium

Confidence: 92% confidence
Finding: Using highly generic mode triggers like '日报', '快讯', and '周报' without domain or task qualifiers increases the chance that unrelated requests activate this skill. In an agent environment, overbroad triggers can misroute user intent, override more appropriate skills, and cause unrequested data fetching or summarization behavior.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal