Back to skill

Security audit

Sichuan Cuisine (川菜大全)

Security checks across malware telemetry and agentic risk

Overview

This is a static Sichuan cooking reference skill with no executable code, credential use, persistence, or sensitive access.

Safe to install as culinary reference material. Users should adapt recipes for allergies, food safety, heat tolerance, and local ingredient availability, especially when the advice assumes Chengdu-style ingredients or markets.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
93% confidence
Finding
The trigger description is extremely broad, covering generic recipe, ingredient, meal planning, and food-culture queries plus a long keyword list. This can cause the skill to activate for common food questions outside a clearly scoped Sichuan-specific intent, leading to over-triggering, incorrect routing, and unintended disclosure or use of skill content in irrelevant contexts. In this cooking-skill context, the danger is operational rather than directly harmful, but broad matching still increases attack surface for prompt-routing mistakes.

Natural-Language Policy Violations

Low
Confidence
82% confidence
Finding
The workflow specifies a default 'Chengdu context' for recommendations without asking the user for location or preference. This can bias ingredient availability, brand recommendations, and meal advice toward a specific locale, producing misleading or less useful guidance when the user is elsewhere. In this skill, the impact is limited because it affects relevance and user autonomy more than security, but it is still a real scoping and preference-handling issue.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.