分还是不分·Mean Girl关系诊断

Security checks across malware telemetry and agentic risk

Overview

This relationship-advice skill is mostly coherent, but it automatically pushes sensitive chats into local rendering files and a background web server to send an image card.

Review before installing. Use this only if you are comfortable with a blunt relationship-advice persona and with submitted chats potentially being written to local temporary files and turned into a shareable image. Redact names, phone numbers, addresses, photos, and other identifiers, and consider disabling or confirming the render/send step before use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (10)

Context-Inappropriate Capability

Severity: Medium
Confidence: 93%
Finding
The skill instructs spinning up a local HTTP server and driving a browser with Playwright to render content, which is operational behavior beyond a simple relationship-analysis skill. Even if intended for UI rendering, this expands the attack surface by introducing local service exposure, browser automation, and execution of subprocess-like actions that could be abused if any rendered content is attacker-controlled.

Context-Inappropriate Capability

Severity: Medium
Confidence: 95%
Finding
The instructions copy generated output into a fixed application media directory and trigger a send action, which is a side effect not justified by the stated purpose of analyzing relationship text. Fixed-path file writes plus automatic outbound messaging create a data exfiltration and unauthorized action risk, especially since the skill may process sensitive personal conversations and screenshots.

Vague Triggers

Severity: High
Confidence: 95%
Finding
The trigger conditions are extremely broad and can activate on ordinary emotional venting, generic relationship complaints, or pasted conversations without clear user intent to invoke a specialized breakup-analysis workflow. In this context, over-triggering is dangerous because it can capture highly sensitive interpersonal content and steer vulnerable users into a harsh, high-confidence decision aid they did not explicitly request.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding
The README explicitly encourages users to provide chat logs, SMS screenshots, and dialogue records, which commonly contain sensitive personal data and third-party information. Without a privacy warning, minimization guidance, or redaction instructions, users may overshare intimate or identifying content that the system does not need to fulfill the task.

Vague Triggers

Severity: Medium
Confidence: 89%
Finding
The trigger scope is broad enough to activate on generic relationship complaints or any pasted conversation, which can pull users into a highly opinionated breakup-analysis flow without clear intent. In this context, unintended activation increases the chance of collecting sensitive relationship details and delivering forceful advice when the user may have wanted simple support or a different kind of help.

Natural-Language Policy Violations

Severity: Medium
Confidence: 95%
Finding
The file explicitly requires a fixed 'Mean Girl' tone and instructs the agent to avoid plain phrasing, without any user opt-in or safety gating. In a relationship-advice skill, enforced harsh or mocking language can increase emotional harm, especially for distressed users, and removes the model's ability to adapt tone to vulnerability signals or user preference.

Vague Triggers

Severity: Medium
Confidence: 87%
Finding
The trigger signals are phrased as broad, common emotional statements about relationship uncertainty, so the scenario can activate on vague distress rather than a clearly bounded 'profit-taking breakup' case. In a sensitive relationship-advice skill with a sharp persona, overbroad routing can misclassify users in fragile emotional states and push them toward premature breakup-oriented framing or advice that does not fit their actual needs.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding
The rendering workflow performs undisclosed file writes, launches a local HTTP service, invokes browser automation, and copies files into an application directory without warning the user. In this skill context, users are likely to submit highly sensitive relationship details and chat logs, so hidden operational side effects materially increase privacy and misuse risk.

Ssd 3

Severity: Medium
Confidence: 95%
Finding
The skill explicitly instructs the system to ingest private relationship chat logs, extract content from them, and quote 3-5 original lines back in the output. That creates unnecessary exposure of intimate, potentially identifying communications and magnifies privacy harm if the output is retained, logged, viewed by others, or reused downstream.

Ssd 3

Severity: Medium
Confidence: 94%
Finding
Requiring a rendered diagnostic image turns sensitive relationship analysis into a durable, easily shareable artifact that may contain private facts, emotional assessments, or excerpts from chats. Compared with transient text, an image is more likely to be saved, forwarded, screenshotted, or exposed outside the original context, increasing confidentiality risk.

VirusTotal

65/65 vendors flagged this skill as clean.
