新闻联播中翻中

Security checks across malware telemetry and agentic risk

Overview

This is a focused news-translation skill that fetches public CCTV transcripts, with only a minor risk of unintended activation from broad trigger words.

Safe to install as a public-news analysis helper. Invoke it with explicit terms like “新闻联播” or “央视新闻联播” to avoid accidental activation from the broader shorthand triggers.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 84% confidence
Finding: The trigger list includes very short, ambiguous shorthand such as "联播" and "xwlb", which can cause the skill to activate for unrelated user requests. This is a real routing/overreach issue because an overly broad trigger can misclassify intent and pull in this skill when the user did not mean CCTV XinWenLianBo content.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal