Subskill Generation Rule

Security checks across malware telemetry and agentic risk

Overview

This skill only gives file-organization guidance for generated subskills and does not include executable code or sensitive access.

Safe to install as a lightweight organizational rule skill. It may influence where future generated files are placed, so review any generated scripts or subskills separately before running them.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Natural-Language Policy Violations

Low

Confidence: 86% confidence
Finding: The entire skill description is written in Chinese and does not indicate that other languages are supported or that Chinese is a required, justified locale for this skill. Under the policy, forcing a specific language without user opt-in can be a natural-language policy violation.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal