Back to skill

Security audit

Summarize Zh

Security checks across malware telemetry and agentic risk

Overview

This is a simple read-only Chinese summarization skill with no executable code or hidden data handling.

This appears appropriate for normal summarization use. Because it reads content to summarize it, only use it on private or sensitive documents when you intentionally want that content processed into a summary.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The skill description contains very broad trigger phrases such as generic requests for summarizing articles, reports, meeting notes, and long content. In agent ecosystems where skills are auto-selected from natural-language descriptions, this can cause the skill to activate for many ordinary user requests, potentially overshadowing more specific or safer skills and widening the scope of data routed into this skill.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

No suspicious patterns detected.