增强版功能规格

Security checks across malware telemetry and agentic risk

Overview

This is a document-writing helper for PRDs and HTML explainers, with no executable code or access to private data.

Safe to install as a PRD and feature-explainer writing aid. Before sharing generated HTML, check that the language, placeholders, code samples, and configuration details match your team’s standards and do not include sensitive product information.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Natural-Language Policy Violations

Medium

Confidence: 89% confidence
Finding: The skill hard-codes Chinese-language HTML output (`lang="zh-CN"` and Chinese instructional text) as the default format without indicating that locale should follow the user's preference. This can override user intent, reduce usability for non-Chinese-speaking users, and create downstream workflow issues where generated artifacts are unreadable or noncompliant with team language standards.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal