Yijuhua Chufangan

Security checks across malware telemetry and agentic risk

Overview

This appears to be a low-risk planning/writing skill with overly broad trigger wording but no evidence of hidden code, sensitive access, or harmful behavior.

Install only if you want broad plan-writing requests to use this skill. If accidental activation would be disruptive, prefer a version with more specific trigger phrases or require explicit invocation.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The trigger phrases include very broad, everyday expressions such as '帮我写个方案', '出个框架', and '这个事怎么做', which can match ordinary user requests that were not intended to invoke this skill. Over-broad activation increases the chance of unintentional routing, causing the agent to override user expectations and inject fixed output behavior into unrelated conversations.

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The description embeds high-frequency generic keywords like '写方案', '帮我出个', and '给我一个方案', which are common in normal conversation and therefore likely to cause accidental invocation. In an agent ecosystem, this can create prompt-routing hijack behavior where this skill captures requests that should instead be handled by the base assistant or a more appropriate skill.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal