New Youth.skill | 新青年.skill

Security checks across malware telemetry and agentic risk

Overview

This skill is not malware, but it needs review because it can automatically inject a worldview/persona into new sessions and its triggers are broad enough to affect ordinary conversations.

Install only if you want this reflective New Youth persona to influence conversations, and prefer an environment where the session-start hook can be disabled or activation can be limited to explicit commands such as /新青年. Do not grant financial, purchase, wallet, or broader tool permissions based on the metadata tags; the reviewed artifacts do not need them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (23)

Vague Triggers

Medium
Confidence
75% confidence
Finding
The activation phrases are broad, value-laden, and overlap with ordinary reflective conversation, which can cause the skill to trigger unexpectedly and steer users into a prescriptive ideological/personality framework. In an agent setting, ambiguous triggers increase the risk of unwanted behavior, prompt hijacking of unrelated conversations, and reduced user control over when this skill intervenes.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The activation phrases are broad self-improvement prompts such as life choice, self-worth, and critical-thinking questions, which can cause the skill to trigger in many ordinary conversations without clear boundaries. In an agent setting, over-broad triggering can steer users into an ideological or persuasive framework unexpectedly, reducing user control and increasing the chance of inappropriate activation in sensitive contexts.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The auto-activation triggers are broad, value-laden, and semantically fuzzy, covering general topics like self-improvement, choice, critical thinking, and awakening. In an agent environment, this can cause the skill to activate outside its intended scope, hijack unrelated conversations, and inject persuasive framing or behavioral guidance when the user did not explicitly request this persona.

Vague Triggers

Medium
Confidence
87% confidence
Finding
The activation phrases are broad, value-laden, and overlap with normal reflective conversation, so the skill may trigger outside its intended niche and steer unrelated discussions into ideological or personality-guidance flows. In an agent setting, ambiguous trigger scope can cause priority inversion or unintended behavior selection, especially when the skill is designed to influence decisions and self-assessment.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger phrases are broad, natural-language expressions about life choices, responsibility, and critical thinking, which can easily overlap with ordinary conversation. In an agent platform with automatic skill activation, this can cause unintended invocation, steering user sessions into ideological or reflective guidance when the user did not explicitly request this skill.

Vague Triggers

Medium
Confidence
83% confidence
Finding
The trigger set is broad enough that the skill may activate during ordinary conversation outside the intended reflective context. In an advice-oriented skill that frames identity, judgment, and decision-making, accidental activation can steer conversations unexpectedly, override more suitable skills, or inject normative guidance where the user did not request it.

Natural-Language Policy Violations

Medium
Confidence
90% confidence
Finding
The skill hard-codes Chinese output and requires addressing the user as "朋友" without checking user preference or locale. This can override user intent, reduce accessibility, and create coercive or inappropriate stylistic behavior, especially when the user expects another language or a more neutral tone.

Natural-Language Policy Violations

Medium
Confidence
90% confidence
Finding
The command explicitly constrains the assistant to respond in Chinese and to address the user as '朋友' without checking the user's language or preference. This is not a code-execution risk, but it is a genuine policy and user-autonomy issue because it can override user choice, reduce accessibility, and create mismatched or manipulative framing in sensitive advice contexts.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The command description is generic enough that it could be invoked for a wide range of reflective or advisory requests without a tight boundary on when it should apply. In an agent setting, broad invocation criteria can cause unintended routing into this skill, leading to over-application of ideological or personality-guidance behavior where the user did not explicitly request it.

Natural-Language Policy Violations

Medium
Confidence
90% confidence
Finding
The file requires Chinese-language interaction and output formatting regardless of the user's language preference, which can override user intent and reduce transparency or informed consent. In multi-skill systems, hard-coded language constraints may also be used to steer communication into a form the user did not request, increasing confusion and making misrouting harms worse.

Natural-Language Policy Violations

Medium
Confidence
87% confidence
Finding
The hook is configured to inject ideological content automatically at session start, before the user has opted into this persona or language context. That creates a prompt-steering and consent problem: users may receive unsolicited political or worldview-shaping framing that can bias later responses, especially because the skill is designed around 人格塑造 and 思想注入 rather than a narrow task.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger phrases in 场景1 include very generic expressions such as '评估我' and '给我打分', which can easily appear in unrelated conversations. This can cause the skill to activate outside its intended context, leading to prompt hijacking of normal interactions and unexpected persona-shaping guidance where the user did not request it.

Vague Triggers

Medium
Confidence
92% confidence
Finding
Phrases like '我该不该', '帮我分析一下', and '这个选择' are broad decision-assistance requests that commonly occur in general chat. Without stronger boundaries, the skill may inappropriately intercept unrelated decision-making prompts and inject ideological framing or unwanted advisory behavior.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The content-review triggers use highly generic phrases like '帮我改改' and '看看有没有问题', which are ubiquitous and not unique to this skill. This broad matching can misroute ordinary editing or review requests into a value-laden coaching workflow, creating confusion and reducing reliability of agent behavior.

Vague Triggers

Medium
Confidence
90% confidence
Finding
Everyday phrases such as '今天干什么', '给我找点事做', and '无聊' are extremely broad and likely to appear in many benign conversations. If they invoke this skill automatically, the system may provide unsolicited behavioral guidance, which is an invocation-control weakness and can undermine expected assistant behavior.

Vague Triggers

Medium
Confidence
90% confidence
Finding
Triggers like '帮我分析', '多角度', and '怎么看待' are generic analytical requests that overlap with standard assistant functionality. This makes accidental invocation likely and increases the chance that unrelated topics are pulled into the skill's worldview-expansion framework without clear user consent.

Vague Triggers

Medium
Confidence
90% confidence
Finding
Phrases like '那具体怎么做', '具体是什么', and '给我个方案' are common follow-up requests in almost any task flow. Because they lack scenario-specific markers, they can cause this skill to activate broadly and override normal task execution with its own action-framing process.

Natural-Language Policy Violations

Medium
Confidence
91% confidence
Finding
The persona layer hard-codes a required term of address ('朋友') and only allows deviation if the user explicitly states another preference. This overrides user autonomy and can create unwanted familiarity or social pressure, especially in sensitive reflection or mental-state-adjacent conversations, though it is not directly enabling code execution or data exfiltration.

Natural-Language Policy Violations

Medium
Confidence
94% confidence
Finding
The communication rules explicitly enforce calling the user '朋友' and discourage alternatives, which is a coercive conversational constraint rather than a safety feature. In a value-shaping or decision-guidance skill, forced familiarity can subtly increase persuasive influence and reduce the user's sense of distance from the agent.

Natural-Language Policy Violations

Medium
Confidence
89% confidence
Finding
The consistency checklist operationalizes the forced address requirement by requiring responses to begin with '朋友'. Because this is a compliance check, it makes the behavior systematic and harder to override, increasing the likelihood of repeated unwanted persona pressure across interactions.

Overly Broad Trigger

Low
Category
Trigger Abuse
Confidence
91% confidence
Finding
The single-word trigger '抉择' is highly generic and can match many benign discussions about choices. This increases the chance of unintended invocation, causing the model to enter a value-laden guidance mode when the user may have meant something narrower or unrelated.

Overly Broad Trigger

Low
Category
Trigger Abuse
Confidence
90% confidence
Finding
The trigger '觉醒' is short, ambiguous, and commonly used in many contexts, making accidental matches likely. Unintended activation is especially risky here because the skill provides worldview-shaping and self-evaluative guidance rather than neutral utility functions.

Overly Broad Trigger

Low
Category
Trigger Abuse
Confidence
88% confidence
Finding
The trigger '担当' is overly broad and appears in many ordinary discussions, so it can spuriously activate the skill. While the direct security impact is limited, misrouting users into moral or personality-guidance flows can produce unwanted influence and reduce reliability of skill selection.

VirusTotal

67/67 vendors flagged this skill as clean.
