Vague Triggers
Medium
- Confidence
- 86% confidence
- Finding
- 技能元数据中的描述将“分析文档、提取内容、总结报告”等常见需求直接作为触发条件,但没有提供足够的限定条件或确认步骤,容易在普通对话中被误触发。误触发后该技能可能读取用户提供的文档并进一步调用外部 API,放大了隐私暴露和越权处理的风险。
Security audit
Security checks across malware telemetry and agentic risk
This is a coherent document-processing skill, but users should know that AI analysis sends extracted document text to the SkillBoss API.
Install only if you are comfortable having document text analyzed through SkillBoss API Hub. Avoid using it on confidential, regulated, or third-party documents unless you have permission to send their contents to that provider, and prefer a dedicated API key with limited access.
66/66 vendors flagged this skill as clean.
No suspicious patterns detected.