Phy Investor Wechat Update

Security checks across malware telemetry and agentic risk

Overview

This is a prompt-only writing helper for drafting investor WeChat updates and does not install code, access credentials, or send messages.

Install this if you want a lightweight drafting aid for investor WeChat updates. Review any generated metrics, financial details, names, and requests before sending, and be aware that broad phrases like “好消息分享” or “求助” may invoke the skill when you intended a different kind of help.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The trigger list in metadata includes broad natural-language phrases such as "investor update" and "好消息分享" that can appear in ordinary conversation, increasing the chance of accidental skill activation. While this skill only drafts investor messages and does not perform privileged actions, unintended invocation could still cause confusing or irrelevant outputs in the wrong context.

Vague Triggers

Medium

Confidence: 84% confidence
Finding: The help-seeking trigger phrases for scenario C, including terms like "求助" and "需要帮忙", are very generic and likely to match many unrelated requests. This can misroute normal assistance conversations into this skill, producing investor-focused messaging when the user intended something else.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal