产品规划助手

Security checks across malware telemetry and agentic risk

Overview

This is a plain product-planning guide with no code, hidden access, persistence, or credential handling.

Install if you want a Chinese product-planning workflow. Confirm it is the right planning style and language for your use case, and avoid sharing confidential business details unless you are comfortable using them in the current chat context.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The example invocation phrases are extremely broad and generic (e.g., asking for a product plan), which can cause the skill to trigger in contexts where the user did not explicitly intend to invoke this particular assistant. In an agent system, unintended invocation can lead to misrouting, irrelevant guidance, or accidental disclosure of planning context into the wrong workflow, though this skill does not appear to perform dangerous actions on its own.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal