Security audit

yingying-10agents

Security checks across malware telemetry and agentic risk

Overview

This is a text-only sales negotiation coaching skill, with a broad activation description but no code, credential access, persistence, or hidden data handling.

Install this if you want a Chinese-language sales negotiation coach that may trigger broadly on sales-adjacent wording. Review any suggested scarcity, pressure, or persuasion tactics for legal, ethical, and company-policy fit, and avoid entering sensitive customer personal data unless you have permission.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

High

Confidence: 95% confidence
Finding: The skill description mandates activation for a very broad set of common sales-related terms such as '客户', '合作', and '怎么卖、怎么谈', which can easily overlap with ordinary conversation and cause unintended invocation. This creates routing/prompt-selection risk: the assistant may inappropriately enter a persuasive negotiation persona in benign contexts, reducing user intent fidelity and potentially steering responses toward manipulative sales tactics when not requested.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.