Security audit

学科专家生成 (Subject Expert Generator)

Security checks across malware telemetry and agentic risk

Overview

This is a Chinese-language educational skill for generating subject-specific learning assistants, with only Markdown reference content and no hidden privileged behavior.

Install this if you want a Chinese-language generator for academic learning assistants. For high-stakes subjects like medicine, engineering, finance, or current technical topics, treat outputs as educational drafts and verify with qualified sources or professionals.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 88%
Finding
The skill’s activation scope is very broad: it applies to many subjects, levels, and use cases without clear guardrails for when it should decline, defer, or ask for clarification. In agent environments, overbroad triggers can cause inappropriate invocation, context confusion, or accidental takeover of unrelated educational or advisory requests, which may degrade safety and reliability.

Natural-Language Policy Violations

Medium
Confidence: 77%
Finding
The skill is authored entirely in Chinese and does not provide a mechanism to respect the user’s preferred language, which can force output in a language the user did not request. While not a direct security exploit, this can cause miscommunication, reduce user comprehension of important disclaimers or instructions, and increase the chance of unsafe misunderstandings in sensitive domains like medicine or engineering education.

VirusTotal

66/66 vendors flagged this skill as clean.
