Security audit

Persian Language

Security checks across malware telemetry and agentic risk

Overview

This is a language-formatting skill for Persian text, with no evidence of hidden execution, credential access, or data exfiltration.

Reasonable to install if you want Persian-language output normalization. Be aware it may influence formatting whenever Persian text or the words Persian/Farsi appear, so check outputs where exact source formatting, technical identifiers, or non-Persian locale conventions must be preserved.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The trigger set is overly broad because it activates on any mention of Persian/Farsi, even when the user is not asking for language assistance. This can cause unintended behavior changes, such as unnecessary style enforcement or locale switching in unrelated tasks, but it does not appear to create direct code-execution, data-exfiltration, or privilege-escalation risk.

Natural-Language Policy Violations

Medium

Confidence: 84% confidence
Finding: The skill mandates Persian formatting and locale conventions by default, including Persian digits, punctuation, and Solar Hijri dates, without clearly requiring user opt-in. In contexts where the user expects another locale or strict source-format preservation, this can silently alter meaning, formatting, or interoperability.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal