
Security audit

AI资讯速递

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward AI news briefing helper with expected web search, visualization, and optional image-generation behavior.

Install this if you want a Chinese-language AI news and briefing assistant. Expect it to use web search/fetch, cite sources, generate charts, and optionally create images; review generated summaries for source quality and timeliness, especially when they include rumors, social-media claims, or benchmark comparisons.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 83%
Finding
The skill description includes broad trigger phrasing such as general requests to 'help organize AI news,' which can overlap with ordinary conversation and cause unintended activation. Over-broad activation can route user requests into unnecessary web-search, summarization, or content-generation flows, increasing the chance of irrelevant tool use and user confusion.

Vague Triggers

Low
Confidence: 88%
Finding
The activation section lists examples of when the skill should trigger but does not define clear boundaries for when it should not. This ambiguity makes false activations more likely, especially for requests about a company, model, or research topic that may be educational or analytical rather than news-oriented.

VirusTotal

63/63 vendors flagged this skill as clean.
