Ruitian Html

Security checks across malware telemetry and agentic risk

Overview

The supplied evidence shows a low-risk document-formatting skill with only a broad-trigger concern, not hidden or harmful behavior.

Reasonable to install if you want help producing styled HTML or enterprise documents. Be aware it may activate on fairly general document-generation requests, so review the skill description and use explicit prompts when you do or do not want this template behavior.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 87% confidence
Finding: The trigger phrases include broad, common-language requests such as '生成 HTML 文档' and '企业文档风格', which can cause the skill to activate in contexts where the user did not specifically intend this template behavior. In an agent environment, over-broad activation can misroute tasks, override more appropriate skills, or cause unintended formatted output, though this file does not show direct code-execution or data-exfiltration behavior.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal