Back to skill

Security audit

DevTrace - 技术决策五算子

Security checks across malware telemetry and agentic risk

Overview

DevTrace is an instruction-only architecture decision framework with no code execution, credential access, network behavior, or hidden data handling.

Installers should understand that this skill will push architecture and code-review discussions into a detailed Chinese-language decision framework. Review skill invocation settings if you only want it used on explicit architecture or technical-choice requests, and avoid pasting secrets or sensitive internal details unless they are needed for the review.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
95% confidence
Finding
The skill auto-enables on very broad, common phrases such as 'how to do', 'which to choose', or 'is it risky', which can cause it to activate in many ordinary engineering conversations without clear user intent. This increases the chance of prompt overreach, unnecessary steering of agent behavior, and suppression of other more appropriate skills or normal conversational handling.

Natural-Language Policy Violations

Medium
Confidence
80% confidence
Finding
A Chinese-only skill without language negotiation or stated locale constraints can cause the agent to misinterpret instructions, produce inaccessible output, or silently fail for users operating in other languages. While not a direct code-execution risk, it is a control-plane usability and safety issue because users may not understand the framework's requirements, assumptions, or outputs.

VirusTotal

No VirusTotal findings

View on VirusTotal

Static analysis

No suspicious patterns detected.