中欧贸易合规高级顾问

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent Chinese-language EU trade compliance helper that routes tax, product compliance, and certificate questions to a named compliance plugin without adding hidden install steps or local system access.

Reasonable to install if you want Chinese EU VAT and compliance assistance. Treat outputs as advisory, review the separate eu-compliance-skill plugin before submitting sensitive certificates or business documents, and be aware that generic price questions may trigger VAT calculation unless the agent asks for clarification.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The VAT trigger condition is overly broad because it includes generic phrases like “多少钱”, which can appear in many non-tax contexts. This can cause unintended plugin invocation, sending irrelevant user input into a tax/compliance workflow and producing misleading regulated advice in situations where the user did not request it.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal