Security audit

今日新番列表

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only skill for looking up public Japanese anime schedules and returning a Chinese table, with no code execution, credentials, persistence, or local data access.

Install this if you want your agent to browse public web sources for Japanese anime airing or streaming schedules and answer in Chinese. Be aware it may activate automatically for matching anime schedule queries and will include source-based web lookups, but the artifact does not contain code, persistence, credential handling, or local data access.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The skill enables implicit invocation without any activation constraints, which increases the chance it will be triggered on loosely related user requests. This can cause unintended tool use, privacy leakage through unnecessary external lookups, or user-confusing behavior because the agent may invoke the skill without clear consent or precision about scope.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal