明源云 Requirements Expansion

Security checks across malware telemetry and agentic risk

Overview

This skill is a simple requirements-drafting template, with the main caveat that it may save generated output to WeCom or a local Markdown file.

Use this for drafting requirements, but check where the generated content will be saved. If the requirement text contains confidential business details, prefer inline or local Markdown output unless you intentionally want a WeCom document and have reviewed its sharing permissions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill explicitly instructs the agent to create a WeCom document or Markdown file, but it does not require obtaining user consent or warning the user that external content or files will be created. In an agent environment, silent document creation can cause unintended data persistence, disclosure to third-party systems, or side effects the user did not authorize.

VirusTotal

65/65 vendors flagged this skill as clean.
