Gongwen Format

Security checks across malware telemetry and agentic risk

Overview

This skill is a focused Chinese official-document formatter with only local template-generation behavior and no evidence of hidden data access or unsafe automation.

This appears safe to install for Chinese official document formatting. Confirm that you actually want GB/T 9704-style gongwen formatting when it triggers on broad report-writing prompts, and expect the sample JavaScript to create a local DOCX file only when you manually run it.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 86% confidence
Finding: The trigger list contains broad phrases such as 'create official document' and '工作报告' that can overlap with ordinary writing or reporting requests, causing the skill to activate when the user did not explicitly request gongwen formatting. This can misroute user intent and impose specialized formatting or language assumptions in unrelated contexts.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal