Qa Domain Modeling

Security checks across malware telemetry and agentic risk

Overview

This is a Chinese-language domain-modeling skill that only guides agents to read and analyze information for diagrams, with no evidence of hidden execution or data misuse.

Install this if you want Chinese-language help turning business scenarios into state, data-flow, and service-dependency models. Be aware that it may activate for broadly worded complex-process analysis requests, so users should specify when they want a formal model or diagram.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 91%
Finding
The activation condition is overly broad because it triggers not only on explicit requests like drawing state or data-flow diagrams, but also on the generic need to understand complex business processes. In an agent system, this can cause the skill to activate in situations outside its intended scope, increasing the chance of inappropriate decomposition, context capture, or interference with more suitable skills.

Natural-Language Policy Violations

Medium
Confidence: 84%
Finding
The skill metadata and usage conditions are written to operate in Chinese without indicating that this is a locale-specific skill or allowing language negotiation. This can lead to unintended language forcing, reducing usability and potentially causing misunderstandings in downstream analysis or handoff artifacts when the user's language differs.

VirusTotal

63/63 vendors flagged this skill as clean.
