Daily Report Zh

Security checks across malware telemetry and agentic risk

Overview

This is a simple Chinese daily-report drafting skill with no code or hidden behavior, though users should limit any file access to documents they choose.

Use this skill for drafting daily reports from information you provide. Because work reports can contain sensitive business details, review the generated text before sharing it and only allow file read/write access for specific files you intentionally select.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 86% confidence
Finding: The skill declares write capability, but the description and examples frame the output as something to be 'sent to a leader' without warning that generated content could be written into files, drafts, or outbound messages. In an agent environment, this increases the risk of unintended modification or transmission of sensitive workplace information if the agent writes or stages content without explicit user confirmation.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal