mty-frontend-design-zh

Security checks across malware telemetry and agentic risk

Overview

This is a prompt-only Chinese frontend design skill with no scripts, credential access, persistence, or hidden behavior.

Safe to install as a frontend design prompt. Review any code it later generates before production use, especially added dependencies, third-party fonts, external assets, and accessibility behavior.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The skill description is broad enough to match a very large set of ordinary frontend-related requests, which can cause the skill to be invoked when the user did not explicitly ask for this specialized behavior. Over-broad triggering increases the chance of unintended routing, inconsistent user experience, and policy bypass through accidental delegation to a more permissive or differently scoped skill.

Natural-Language Policy Violations

Medium

Confidence: 81% confidence
Finding: The skill metadata and content are written to operate in Chinese without stating that output language should follow the user's preference, which can lead to unexpected language forcing. This is mainly a safety and usability issue: it may confuse users, reduce transparency, and create compliance or accessibility problems in multilingual environments.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal