hot-it-news

Security checks across malware telemetry and agentic risk

Overview

This skill only retrieves public hot-article links from three named Chinese tech sites, with no code execution, credentials, persistence, or local data access.

Install this if you want a Chinese-format hot-article digest from 量子位, 人人都是产品经理, and 虎嗅. Be aware it may activate on broad IT or tech-news wording and will open those public sites in a headed browser to gather current links.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 94% confidence
Finding: The skill description includes many broad, everyday trigger phrases such as '今日资讯' and '行业热点', which can cause the skill to activate for loosely related user requests rather than only when the user clearly wants these specific websites' hot articles. In an agent system, over-broad triggering can route unrelated tasks into a browsing workflow, causing unintended network access, incorrect task execution, and reduced user control over which skill is invoked.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal