Vague Triggers
Medium
- Confidence
- 91% confidence
- Finding
- 该技能将“什么好卖”“热销”“爆款”“蓝海品类”“还有机会吗”等较宽泛的自然语言直接作为触发条件,容易在普通咨询场景中被意外激活。误触发会导致代理在缺乏明确用户意图时进入市场分析流程,可能产生越权工具调用、无关数据处理或错误执行链路。
欧盟市场分析师
Security checks across malware telemetry and agentic risk
Overview
This is a prompt-only EU e-commerce market analysis skill with no hidden install code or privileged local access.
This appears safe to install as a normal prompt skill. Be mindful that compliance-related prompts may involve the linked eu-compliance-skill, so only share sensitive product plans or business data if you also trust that related skill.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)
VirusTotal
63/63 vendors flagged this skill as clean.