Back to skill

Security audit

Study Roadmap Generator

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a straightforward Chinese study-roadmap generator with no evidence of hidden data access, persistence, or destructive behavior.

Install this if you want Chinese structured learning roadmaps. Be aware it may answer in Chinese even if the surrounding conversation is in another language, and it may activate for broad study-planning prompts.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
89% confidence
Finding
The trigger phrases are broad and overlap with ordinary learning-related requests such as asking for a study plan or roadmap. This can cause the skill to activate in contexts where the user did not explicitly intend to use it, creating routing confusion and increasing the chance that other safeguards, preferences, or more appropriate skills are bypassed.

Natural-Language Policy Violations

Medium
Confidence
84% confidence
Finding
The skill hard-requires Chinese output regardless of the user's language preference or surrounding conversation context. While not directly enabling code execution or data exfiltration, this can degrade usability, cause misunderstanding of important guidance, and override higher-level user intent in multilingual settings.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.