
Security audit

Project Review Council

Security checks across malware telemetry and agentic risk

Overview

This is a Chinese-language project review workflow skill that appears to provide only structured analysis, with no hidden execution or data access.

Install this if you want a rigorous, Chinese-first project review process. Before using it with non-Chinese-speaking teams or on sensitive business material, confirm the desired output language, and provide only project documents you are comfortable having analyzed by your agent.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Vague Triggers

Medium
Confidence: 87%
Finding
The skill advertises a very broad set of trigger phrases and use cases, spanning audit, diagnosis, red teaming, investment review, and postmortems, without clear activation boundaries. This can cause the orchestrator to invoke the skill for loosely related requests, leading to scope creep, irrelevant behavior, or unintended handling of sensitive project material.

Vague Triggers

Medium
Confidence: 84%
Finding
The '何时触发' (when to trigger) section lists broad categories such as 审计 (audit), 评审 (review), 复盘 (retrospective), 诊断 (diagnosis), and 尽调 (due diligence), but does not specify which requests should not activate the skill. In practice, this ambiguity can cause over-triggering and route ordinary advice or analysis requests into a heavyweight multi-role review workflow, increasing the chance of inappropriate disclosure or a poor user experience.

Natural-Language Policy Violations

Medium
Confidence: 80%
Finding
The skill metadata and content are predominantly Chinese and present a Chinese-language interaction style without explicitly stating that output language follows the user's preference. If the system routes users with other locale expectations into this skill, it may produce inaccessible or mismatched responses, weakening safety-relevant comprehension during project or risk reviews.

Natural-Language Policy Violations

Medium
Confidence: 89%
Finding
The workflow content is written entirely in Chinese and includes fixed Chinese output phrases such as '项目画像' (project profile) and '这份理解准确吗?' (Is this understanding accurate?), which can steer the agent to respond in Chinese regardless of the user's preferred language. This is not a code-execution issue, but it can override user expectations, reduce usability, and create confusion or exclusion for users who did not opt into Chinese output.

Natural-Language Policy Violations

Medium
Confidence: 89%
Finding
The workflow content is written entirely in Chinese and implicitly constrains output language without indicating that the user may choose another language. In a multilingual agent environment, this can reduce usability, cause misunderstanding of review results, and conflict with user expectations or downstream automation that assumes locale flexibility.

Natural-Language Policy Violations

Medium
Confidence: 89%
Finding
The workflow is written entirely in Chinese and does not provide any mechanism for language negotiation or document a justified locale restriction. In a multilingual agent environment, this can cause users or downstream reviewers to misunderstand scoring criteria, evidence labels, or decision gates, leading to incorrect evaluations or unsafe approvals due to misinterpretation.
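The two classes of finding above (bare category words as triggers with no stated exclusions, and fixed Chinese output phrases with no language-preference statement) are the kind of thing a reviewer can lint for mechanically before a skill is installed. The following is an added example, not SkillSpector's scanner and not code from the Project Review Council skill. It assumes a markdown SKILL.md with `##` section headings and bullet lists, both sample manifests are constructed here to mirror what the findings describe, and the English heading keywords, language-policy phrasings and the "two CJK characters or one English word is too broad" heuristic are illustrative choices rather than any published rule.

```python
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Finding:
    code: str
    detail: str


# Heading keywords. The Chinese ones match the audited skill's section names;
# the English ones are assumed fallbacks so the same linter covers other skills.
TRIGGER_HEADINGS = ("何时触发", "触发条件", "when to use", "triggers")
NEGATIVE_HEADINGS = ("何时不触发", "不适用", "when not to use", "do not use")

# Statements that defer output language to the user's preference (assumed phrasings).
LANGUAGE_POLICY = re.compile(
    r"follows? the user'?s language|respond in the user'?s language|输出语言.{0,10}用户",
    re.I,
)
# A fixed output phrase: quoted text containing CJK characters, e.g. 「项目画像」.
QUOTED_CJK = re.compile(r"[「“\"]([^」”\"]*[\u4e00-\u9fff][^」”\"]*)[」”\"]")
CJK_CHAR = re.compile(r"[\u4e00-\u9fff]")

# Constructed sample shaped like the findings above: bare category words as
# triggers, no exclusions, fixed Chinese output phrases, no language policy.
VAGUE_SKILL = """\
---
name: project-review-council
description: 项目评审委员会，适用于审计、评审、复盘、诊断、尽调、红队、投资评审。
---

## 何时触发
- 审计
- 评审
- 复盘
- 诊断
- 尽调

## 输出
首先给出「项目画像」，然后询问「这份理解准确吗?」。
"""

# Constructed hardened sample: scoped triggers, explicit exclusions, language policy.
SCOPED_SKILL = """\
---
name: project-review-council
description: Multi-role structured review of a project deliverable.
---

## 何时触发
- 对交付物（代码、设计文档、商业计划）做结构化的多角色项目评审
- 上线事故后的根因复盘

## 何时不触发
- 一般性建议或简短问答
- 仅需要单一角度意见的请求

## 输出
Output language follows the user's language; section labels such as 「项目画像」 are translated to match.
"""


def sections(md: str) -> dict[str, str]:
    """Split markdown into {heading: body}; text before the first heading is dropped."""
    out: dict[str, str] = {}
    title: Optional[str] = None
    buf: list[str] = []
    for line in md.splitlines():
        m = re.match(r"^#{1,6}\s+(.+)", line)
        if m:
            if title is not None:
                out[title] = "\n".join(buf)
            title, buf = m.group(1).strip(), []
        elif title is not None:
            buf.append(line)
    if title is not None:
        out[title] = "\n".join(buf)
    return out


def find_section(secs: dict[str, str], keywords: tuple[str, ...]) -> Optional[str]:
    """Return the body of the first section whose heading contains any keyword."""
    for title, body in secs.items():
        if any(k in title.lower() for k in keywords):
            return body
    return None


def bullet_items(body: str) -> list[str]:
    """Extract '- item' / '* item' lines as bare strings."""
    items = []
    for line in body.splitlines():
        s = line.lstrip()
        if s.startswith(("-", "*")):
            items.append(re.sub(r"^[-*]\s*", "", s).strip())
    return items


def is_broad(trigger: str) -> bool:
    """Heuristic: a bare two-character CJK category word or a lone English word is too broad."""
    cjk = len(CJK_CHAR.findall(trigger))
    if cjk:
        return cjk <= 2
    return len(trigger.split()) <= 1


def lint_skill(md: str) -> list[Finding]:
    """Report the trigger-scope and language-policy issues a reviewer would flag."""
    findings: list[Finding] = []
    secs = sections(md)

    trig = find_section(secs, TRIGGER_HEADINGS)
    if trig is not None:
        broad = [t for t in bullet_items(trig) if is_broad(t)]
        if broad:
            findings.append(Finding("vague-triggers", "broad activation terms: " + ", ".join(broad)))

    if find_section(secs, NEGATIVE_HEADINGS) is None:
        findings.append(Finding("no-negative-triggers", "nothing states which requests must not activate the skill"))

    fixed = QUOTED_CJK.findall(md)
    if fixed and not LANGUAGE_POLICY.search(md):
        findings.append(Finding("fixed-output-language", "fixed CJK output phrases without a language policy: " + ", ".join(fixed)))

    return findings


if __name__ == "__main__":
    for name, md in (("vague", VAGUE_SKILL), ("scoped", SCOPED_SKILL)):
        print(name, [f.code for f in lint_skill(md)])
```

Run against the vague manifest the linter returns all three findings; against the scoped manifest it returns none, even though that manifest still contains the quoted label 「项目画像」, because the language-policy sentence is present. The breadth heuristic is deliberately crude: the point is that a trigger list which is nothing but two-character category words cannot give an orchestrator an activation boundary, whatever the exact cut-off.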

VirusTotal

All 58 of 58 VirusTotal vendors report this skill as clean.
