Generates polished, research-style HTML documents that analyze a paper and its corresponding code implementation in depth.

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only skill for generating paper-and-code HTML reports, with disclosed local file use and no evidence of hidden execution, credential access, persistence, or exfiltration.

Install only if you are comfortable letting the agent read the specific paper and code paths you provide and write an HTML report. Avoid pointing it at confidential or overly broad code directories unless you trust the full workflow, including the referenced frontend-design skill.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Natural-Language Policy Violations

Medium
Confidence: 94%
Finding
The skill is written to operate in Chinese and its trigger phrases, prompts, and generated document expectations all assume Chinese output, without checking the user's preferred language. This can cause unintended language switching, miscommunication, and degraded usability or accessibility for users who expect another language, especially when the skill is used automatically by an agent.

Natural-Language Policy Violations

Low
Confidence: 88%
Finding
The typography guidance hard-codes Chinese-specific fonts, which assumes a Chinese locale and may render poorly or inconsistently for non-Chinese content. While not a direct security exploit, it is a genuine policy/quality issue because it can force locale-specific presentation without user consent and reduce accessibility or readability.

VirusTotal

64/64 vendors flagged this skill as clean.
