主题配色工厂

Security checks across malware telemetry and agentic risk

Overview

This is a markdown-only design helper for choosing colors and fonts, with no code execution or sensitive access.

Install this if you want Chinese-language help choosing color palettes, fonts, and theme styling. Review suggestions before applying them to important documents, especially when your request is broadly phrased like “beautify this.”

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 93% confidence
Finding: The skill description includes broad trigger phrases like '换个配色' and '美化这个文档', which can match many ordinary user requests and cause the skill to activate when the user did not explicitly ask for theme generation. In an agent environment, over-broad activation can hijack user intent, leading to inappropriate skill routing and undesired modifications to content presentation.

Vague Triggers

Medium

Confidence: 95% confidence
Finding: The '立即触发' section uses ambiguous activation rules such as '帮我美化一下' and '换个配色' without enough contextual constraints. This increases the chance of unintended invocation on generic requests, which can override the user's actual task flow or cause the agent to apply design transformations in the wrong context.

VirusTotal

No VirusTotal findings

View on VirusTotal