Security audit

国网调研报告撰写 (State Grid Research Report Writing)

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only report-writing skill that creates Word research reports from user-provided materials, with no evidence of hidden code, credential use, or unrelated data access.

Install this if you specifically need Chinese State Grid-style HR or reform research reports. Use it only with documents you are allowed to process, review the generated .docx before sharing it, and confirm the output filename/location when handling confidential policy, HR, or compensation materials.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence: 92%
Finding
The trigger conditions are extremely broad, matching many common enterprise and HR-related keywords and instructing the system to trigger whenever those terms appear with a document-generation need. This can cause unintended invocation in unrelated conversations, expanding the skill's access to user content and increasing the chance of inappropriate automation or data handling without clear user intent.

Missing User Warnings

Low
Confidence: 84%
Finding
The skill instructs the agent to generate and save a .docx file to the workspace, but it does not require notifying the user or obtaining confirmation before writing files. Even though file creation is expected for this skill, silent file output can surprise users, create unwanted artifacts, or write derived content from sensitive source materials without an explicit checkpoint.

Natural-Language Policy Violations

Medium
Confidence: 88%
Finding
The skill description and writing requirements strongly constrain output to Chinese and a specific institutional writing style without indicating that the user can choose another language or format. This can override user preferences, reduce usability, and cause unintended disclosure or mishandling when content should be produced in another language for review, compliance, or stakeholder sharing.

VirusTotal

59/59 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.