Xue Feng Skill V192

Security checks across malware telemetry and agentic risk

Overview

This is a college-major and career-planning guidance skill with no executable code, persistence, credentials, or hidden high-impact behavior.

Install only if you want an opinionated Chinese gaokao major-selection framework. Treat its recommendations as guidance, verify current admissions and job-market data, and be cautious sharing sensitive family, score, gender, or background details unless needed for the advice.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 93% confidence
Finding: The activation rules are very broad and trigger on generic education, employment, and planning questions without clear boundaries or exclusion criteria. This can cause the skill to be invoked for users who are not actually seeking gaokao-major guidance, increasing the chance of irrelevant, overconfident, or biased advice being applied in the wrong context.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal