Security audit

App Data 所有对话 主对话 中级会计备考大师 V5.0.0

Security checks across malware telemetry and agentic risk

Overview

This is a study-assistant skill made of markdown tutoring materials, with no executable code or hidden access behavior found.

Reasonable to install if you want an accounting exam tutor. Treat its wrong-answer log feature as potentially personal study data: ask where it is stored and clear it when you no longer need it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence: 90%
Finding
The trigger for CMD-02 uses broad natural-language phrases like “出几道题 / 考考我 / 练习”, which are common in ordinary tutoring conversations and can match ambiguous requests. This can cause the agent to invoke the wrong workflow, leading to unintended behavior, confusing outputs, or bypass of user intent when multiple commands are plausible.

Vague Triggers

Medium
Confidence: 86%
Finding
The CMD-08 trigger relies on vague everyday phrases such as “怎么备考 / 学习计划 / 复习安排 / 时间不够怎么办”, which can appear in many general advisory requests without clearly indicating a specific workflow. Because boundaries with other study-support commands are weak, the agent may misroute requests and produce rigid planning output when the user wanted targeted tutoring or problem-solving.

Vague Triggers

Medium
Confidence: 95%
Finding
The routing section combines overlapping keyword rules with a final catch-all for “其他会计相关问题,” creating unreliable command selection and increasing the chance of accidental or adversarial prompt steering. In an agent skill, broad routing logic can be exploited to force a less appropriate response path, reducing predictability and potentially bypassing safeguards tied to a specific command flow.

Missing User Warnings

Medium
Confidence: 92%
Finding
The document states that the system will automatically record a user's incorrect-answer history, including question content, user answers, error reasons, chapter, and mistake counts, but it provides no notice about retention period, consent, access controls, or deletion behavior beyond a manual 'clear' command. This creates a real privacy risk because it normalizes collection of performance-history data that may be personal educational data, and could expose sensitive study patterns if stored or reused without adequate safeguards.

VirusTotal

63/63 vendors flagged this skill as clean.
