事实核查与谣言终结者

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only fact-checking skill whose web search and image-analysis guidance match its stated purpose.

Install if you want a Chinese-language fact-checking workflow for public claims, rumors, news, or images. Avoid using it with private or confidential material unless you are comfortable with relevant details being used in web searches.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The trigger examples include very common phrases such as '这是真的吗', '帮我查查这条消息', and 'fact check', which can appear in ordinary conversation and may activate the skill unintentionally. Over-broad activation can route benign user requests into this skill unexpectedly, causing incorrect tool use, unnecessary web retrieval, and response-shaping that the user did not intend.

Natural-Language Policy Violations

Medium

Confidence: 77% confidence
Finding: The skill is authored entirely in Chinese and mandates a Chinese output structure without offering a language-selection mechanism. This can create unsafe or misleading behavior when activated for users operating in other languages, because instructions and results may be misunderstood, ignored, or incorrectly applied, especially in a fact-checking context where precision matters.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal