article-image

Security checks across malware telemetry and agentic risk

Overview

This is a low-risk recommendation skill that only suggests image sources, keywords, styles, and licensing reminders for article images.

This skill appears safe to install as a writing aid. Treat its image-source and licensing notes as suggestions, and verify each image's license and attribution requirements before using it commercially or publicly.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence: 87%
Finding
The activation phrases are generic requests such as '帮我找几张配图' ("help me find a few illustrations") and '推荐一个封面图' ("recommend a cover image"). Phrases like these can plausibly appear in normal conversation and cause the skill to activate when the user did not explicitly intend to invoke this specific capability. In an agent system, overly broad triggers can lead to unintended context switching or to recommendations being injected into unrelated workflows. This skill is read-only and does not perform external actions, which limits the severity.

VirusTotal

64/64 vendors flagged this skill as clean.
