Security audit

Agency Agents Zh

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Chinese expert-role library skill with broad persona activation wording but no evidence of hidden code, credential access, persistence, exfiltration, or destructive behavior.

Install this only if you want your agent to use Chinese expert personas from a local role library. Use explicit role requests and review the referenced local role files if present, because the skill’s behavior depends on those persona definitions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Severity: Medium
Confidence: 95%

Finding
The skill advertises activation through broad natural-language requests such as asking for a role by name, without defining strict invocation boundaries. This can cause accidental or overly broad skill activation during normal conversation, leading the agent to load external role definitions and change behavior in ways the user did not explicitly intend.

Vague Triggers

Severity: Medium
Confidence: 97%

Finding
The quick-start phrases are ordinary conversational requests like '作为安全工程师,请审查这段代码' (roughly, "As a security engineer, please review this code"), which are likely to appear in normal user interactions. If the platform treats these as triggers, the skill may be invoked unintentionally and import role instructions from local files, creating prompt-scope confusion and increasing the chance of instruction hijacking via role content.

VirusTotal

66/66 vendors flagged this skill as clean.