🔍 BigPlan · 产品调研（市场分析·技术评估·供应链·产品规格方案）| Product Research & Planning

Security checks across malware telemetry and agentic risk

Overview

This is a plain product-research prompt skill with no executable code or hidden system access, though some trigger phrases are broad.

Reasonable to install for product research and planning. Treat BOM, pricing, market-size, and timeline outputs as estimates that need verification before business decisions, and be aware the broad trigger phrases may invoke the skill when you only meant a general analysis request.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 93% confidence
Finding: The trigger phrases include very broad, generic requests such as '帮我分析' and '想做一款', which can match many unrelated user intents and cause the skill to activate unexpectedly. In a skill that drives market/product research workflows, this can override more appropriate handling, produce irrelevant outputs, and increase the risk of unintended data gathering or misleading guidance.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal