AI 应用工程师日报

Security checks across malware telemetry and agentic risk

Overview

This is a Chinese AI-news daily briefing skill that only instructs the agent to gather public web sources and produce a structured report.

Install this if you want a Chinese AI-industry daily briefing skill. Be aware it may activate on broad phrases like “生成一份日报”; users who want tighter control should invoke it with explicit wording such as “AI 应用工程师日报” or “AI 日报.”

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The trigger phrases include broad everyday requests such as '帮我看看今天 AI 圈发生了什么' and '生成一份日报', which can match normal conversation and cause the skill to activate when the user did not explicitly intend to invoke it. Unintended activation can redirect the assistant into external-news collection behavior, increasing the chance of surprising network access, irrelevant output, and bypass of user expectations about what task is being performed.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal