Back to skill

Security audit

Wiki Intent Scope

Security checks across malware telemetry and agentic risk

Overview

This appears to be a prompt-only research scoping helper with a broad trigger, but no evidence of malware, hidden execution, credential use, persistence, or data-changing behavior.

Install this if you want help structuring wiki or research scoping from customer requirements. Keep sensitive business, legal, compliance, or policy decisions under human review, and check that the skill is being used for scoping rather than making final recommendations.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
85% confidence
Finding
The default prompt activates the skill for a very broad class of user inputs ('客户原始需求') and asks it to define task scope, objects, scenarios, and constraints without clearly bounded trigger conditions. Overbroad activation can cause the skill to be invoked in contexts beyond intended wiki research scoping, leading to incorrect delegation, unintended processing of sensitive business requests, or confusion with adjacent higher-risk research/advisory workflows.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.