网红便当

Security checks across malware telemetry and agentic risk

Overview

This is a simple bento restaurant recommendation skill and it does not request sensitive access or run code.

Safe to install as a dining recommendation guide. Treat prices, hours, queue times, hygiene ratings, and popularity as information that may need current verification before visiting.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The skill description is scoped broadly enough to overlap with generic restaurant, food discovery, and travel-planning requests, which can cause the agent to invoke this skill outside its intended niche. This is dangerous because over-broad routing can degrade policy enforcement, produce irrelevant results, and increase the chance that a less appropriate skill handles user queries.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal