AhaPoint Generation Expert (AhaPoint 生成专家)

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed AhaPoint report generator that may browse the web and save local report files, with no evidence of deception, exfiltration, or destructive behavior.

Install only if you want a skill that can research topics online and create persistent AhaPoint Markdown reports. Before using it, confirm the save directory, avoid the hard-coded /Users/olivia path unless it is actually intended, and use a pseudonym or omit contact details for private ideas.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (11)

Description-Behavior Mismatch

Severity: Medium. Confidence: 91%.
The skill’s stated purpose is report generation, but its workflow also performs local state changes by saving files and updating a registry. This creates an integrity and surprise side-effect risk: invoking what appears to be a content-generation skill can modify the workspace, overwrite data, or leave persistent artifacts without explicit per-run user consent.

Description-Behavior Mismatch

Severity: Medium. Confidence: 92%.
The skill directs the agent to perform external web research before generating output, which expands behavior beyond the manifest's stated role of generating AhaPoint reports. This creates undisclosed network access, exposing the user to privacy, prompt-injection, and scope-creep risks from untrusted web content.

Description-Behavior Mismatch

Severity: Medium. Confidence: 96%.
The skill instructs the agent to write files to a local directory, but that file-writing behavior is not reflected in the manifest description. Undisclosed local writes can surprise users, modify their workspace without consent, and be abused to persist unwanted content.

Context-Inappropriate Capability

Severity: Medium. Confidence: 98%.
The instructions hard-code a specific absolute filesystem path under a named user's home directory. Hard-coded local paths are risky because they assume access to a particular environment, can overwrite unintended files, and bypass user choice about where content is stored.

Vague Triggers

Severity: Medium. Confidence: 90%.
The example trigger phrases are broad natural-language requests such as '按模板写报告' ("write a report from the template") and '挖掘 XX 领域的点' ("dig up points in the XX field"), which can overlap with ordinary conversation and cause unintended skill activation. In an agent environment, ambiguous activation can route unrelated user requests into this skill, leading to unnecessary browsing, file creation, or modification of the AhaPoints workspace.

Vague Triggers

Severity: Low. Confidence: 82%.
The mode and default behavior descriptions explain what the skill does but do not clearly define when it must or must not activate. This ambiguity increases the chance that the agent selects the skill by default for broad ideation, formatting, or analysis requests that were not intended to invoke APS report generation.

Vague Triggers

Severity: Medium. Confidence: 88%.
The activation text is broad enough to overlap with normal writing or brainstorming requests, increasing the chance the skill is auto-selected when the user did not intend its persistence, browsing, or metadata behaviors. Over-broad triggers are dangerous in skills with side effects because they can cause unintended tool use and local file modifications from innocuous prompts.

Vague Triggers

Severity: Medium. Confidence: 86%.
The usage examples include vague natural-language requests like recording an idea or writing by template, which blur the boundary between ordinary assistant behavior and this tool-backed skill. In context, that ambiguity matters because the skill is documented to browse, persist user ideas, and update registries, making accidental activation more harmful than a pure formatting skill.

Missing User Warnings

Severity: Medium. Confidence: 93%.
The workflow specifies automatic file creation and registry updates but does not present a clear user warning or consent checkpoint before modifying local files. Silent persistence is risky because users may disclose sensitive ideas or personal metadata expecting transient assistance, while the skill instead creates durable records on disk.

Missing User Warnings

Severity: Low. Confidence: 87%.
The markdown tells the agent to save generated reports locally without any warning or consent flow around modifying user data. While the content is not inherently destructive, silent writes reduce transparency and can lead to unwanted persistence or clutter in the user's environment.

Ssd 3

Severity: Medium. Confidence: 95%.
The skill instructs collection and persistence of author names, identifiers, optional contact details, timestamps, and user-provided ideas into files and a registry without data minimization, retention limits, or consent controls. This creates a privacy and confidentiality risk because sensitive personal information and proprietary ideas may be stored locally in durable, discoverable artifacts beyond the user’s expectations.

VirusTotal

63/63 vendors flagged this skill as clean.
