Back to skill

Security audit

First Principles Thinking

Security checks across malware telemetry and agentic risk

Overview

This is a text-only reasoning aid that may make the assistant ask more clarifying questions, but it does not request tools, files, credentials, network access, or persistence.

Install this if you want the assistant to challenge assumptions and clarify goals before solving problems. Expect occasional extra questions or a more analytical style; avoid it if you prefer direct execution for routine tasks.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
93% confidence
Finding
The activation description is broadly phrased and can match many normal requests for deeper analysis or improvement, causing the skill to trigger outside narrow intended contexts. This can override expected assistant behavior, introduce unnecessary interrogation or friction, and create prompt-routing ambiguity that an attacker could exploit to steer conversations into this skill.

Vague Triggers

Medium
Confidence
95% confidence
Finding
The trigger examples include generic phrases such as '帮我优化...' and '怎么实现 X', which commonly appear in routine coding and productivity requests. Because these examples are not scoped by domain, complexity, or explicit opt-in, they increase the chance of accidental activation and misrouting, which can degrade reliability and be abused to force an unintended interaction style.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.