Work Productivity Ontology Typed Workflow Helper

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only ontology helper with some overly broad wording in secondary docs, but no code execution, credential access, persistence, or hidden install behavior.

Install this only for ontology, typed-schema, knowledge-graph, or structured-memory planning. Prefer explicit invocation by name, and be aware that the Chinese README and some usage examples are broader than the main English skill description.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (9)

Description-Behavior Mismatch

High
Confidence: 95%
Finding
The skill metadata and body materially diverge from the declared purpose: it is labeled as an ontology/knowledge-graph helper, but the description and workflow steer the agent toward broad demand-validation, bug fixing, hardening, reliability, and adjacent-skill creation tasks. This kind of scope mismatch can cause incorrect skill selection and execution on unrelated requests, undermining routing safety and making downstream behavior less predictable.

Intent-Code Divergence

Medium
Confidence: 92%
Finding
The title and trigger framing present a specialized ontology workflow helper, while the substantive instructions define a much broader generic productivity/reliability assistant. This inconsistency increases the chance that an agent will activate the skill under false assumptions and then follow instructions outside the expected safety and competency boundaries of the declared skill.

Vague Triggers

Medium
Confidence: 94%
Finding
The trigger sentences are highly generic and include broad phrases like 'Help me' and 'I need a practical workflow,' which can cause the skill to activate in contexts far beyond its intended ontology/schema-design scope. This increases the chance of unintended invocation, routing mistakes, and misuse of the skill in unrelated tasks, especially in automated agent environments that rely on fuzzy matching.

Vague Triggers

Medium
Confidence: 93%
Finding
The trigger phrases are broad, natural-language prompts that can match ordinary user requests unrelated to this specific skill, increasing the chance of unintended activation. In an agent skill ecosystem, accidental routing can cause the wrong workflow to run, leading to inappropriate handling of user tasks, reduced reliability, and possible propagation of unsafe assumptions from the skill into unrelated contexts.

Vague Triggers

Medium
Confidence: 89%
Finding
The trigger list includes broad, common terms such as 'typed', 'knowledge', 'graph', 'structured', 'creating', and 'bug fix', which are likely to appear in many unrelated conversations. Over-broad activation raises the risk of accidental skill invocation, causing the agent to inject irrelevant instructions or override better-matched skills.

Vague Triggers

Medium
Confidence: 86%
Finding
The invocation description claims applicability to a wide range of practical workflows tied to a cited market-demand statement rather than a concrete task boundary. That ambiguity broadens the operational scope of the skill beyond its declared specialty, making misrouting and unintended instruction application more likely in normal agent use.

Vague Triggers

Medium
Confidence: 89%
Finding
The default prompt advertises a broad natural-language trigger phrase tied to a capability that can be implicitly invoked. This can cause the skill to activate in contexts the user did not clearly intend, expanding the chance of prompt injection, unintended tool selection, or inappropriate access to structured memory/modeling actions.

Vague Triggers

High
Confidence: 95%
Finding
The trigger sentence is phrased so broadly that ordinary user requests about help, workflows, bugs, or hardening could accidentally invoke this skill outside its intended ontology-design scope. In an agent environment, over-broad activation can cause the wrong skill to run, leading to irrelevant actions, confused routing, or unsafe delegation based on a mistaken match.

Vague Triggers

Medium
Confidence: 91%
Finding
The trigger description and examples do not clearly define when this skill should versus should not activate, and they mix ontology work with generic implementation-help language. This ambiguity increases the chance of unintended invocation across unrelated tasks, which is especially risky in automated agent ecosystems where routing decisions may be made from simple textual similarity.

VirusTotal

63/63 vendors flagged this skill as clean.
