AI编程工程化

Security checks across malware telemetry and agentic risk

Overview

This is a Chinese-language AI software engineering workflow guide with only Markdown instructions and no hidden system access.

Install this if you want Chinese-language guidance for structuring AI-assisted software projects. Be aware it may activate for broad coding-process questions and may answer in Chinese; users should still apply project-specific judgment and not treat its templates as a substitute for human review.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 95%
Finding
The trigger list includes very generic terms such as '开发流程', '代码质量', and 'API设计', which can cause the skill to activate in many unrelated conversations. Over-broad activation can route users into an unintended workflow, increasing the chance of prompt hijacking, inappropriate behavior, or denial of expected functionality in contexts where this skill should not run.

Natural-Language Policy Violations

Medium
Confidence: 87%
Finding
Forcing Chinese-only output without user choice can create unsafe or misleading interactions when the surrounding system or user expects another language. In security-sensitive or technical workflows, mandatory locale restriction may cause misunderstanding of requirements, review results, or remediation guidance, reducing usability and potentially leading to operator error.

VirusTotal

63/63 vendors flagged this skill as clean.
