跨学科侦探周

Security checks across malware telemetry and agentic risk

Overview

This is a non-executable educational skill for guiding cross-subject study projects, with minor routing and language-scope considerations but no evidence of hidden or unsafe behavior.

Install this if you want a Chinese-language study-planning skill for interdisciplinary projects. Be aware it may activate for fairly general cross-subject or project-learning questions, and it may work with related note or learning-profile skills to organize study history.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 95% confidence
Finding: The skill description uses very broad trigger phrases such as requests to connect subjects or do project-based learning, combined with language like '必须激活此SKILL' and '务必调用此SKILL.' This can cause unintended over-invocation, crowding out other tools or workflows and giving the skill control in contexts where it may be only partially relevant, which is a prompt-routing security and reliability issue.

Natural-Language Policy Violations

Medium

Confidence: 82% confidence
Finding: The skill content is written entirely in Chinese and frames activation/output behavior around Chinese-language prompts without any indication of user language preference or opt-in. While not overtly malicious, enforcing a locale can degrade user autonomy, cause confusing responses for non-Chinese users, and increase the chance of misrouting or unusable outputs in multilingual environments.

VirusTotal

59/59 vendors flagged this skill as clean.

View on VirusTotal