Back to skill

Security audit

AI短剧脚本创作大师

Security checks across malware telemetry and agentic risk

Overview

This is a text-only writing workflow skill for short-drama and manga scripts, with no evidence of code execution, credential access, persistence, or data exfiltration.

Install this if you want a prescriptive short-drama or AI manga writing workflow with ViFlow-style JSON output. Be aware it may activate for broad plot or storyboard requests and may push a full structured export when you only wanted informal writing help.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
93% confidence
Finding
The activation description is very broad and covers generic creative-writing intents, which can cause the skill to auto-trigger in many unrelated contexts. Over-broad routing increases the chance that users are pushed into this skill's required workflow and output format without clear consent, creating prompt-scope hijacking and reducing user control.

Vague Triggers

Medium
Confidence
95% confidence
Finding
The instruction to 'automatically trigger' on requests to create scripts, outlines, plot design, manga scripts, or any mention of ViFlow lacks boundaries and disambiguation rules. This can cause unintended invocation on ordinary writing requests, letting the skill override normal assistant behavior and steer outputs into a fixed process the user did not request.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.