Post Summarizer

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This skill is a public news and article summarizer with some overly broad trigger phrases, but no hidden code, credential access, persistence, or destructive behavior.

Install this if you want a Chinese-language assistant for summarizing public news and articles. Use clear news-related prompts, source names, or article URLs to avoid accidental web searches; the artifact does not show local data access, persistence, or credential use.

SkillSpector (3)

By NVIDIA

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The skill description uses very broad activation examples such as '帮我看XX新闻' and '总结这篇', which can overlap with ordinary requests that are not clearly intended to invoke this specific skill. This increases the chance of unintended routing to a web-fetching summarizer, causing unexpected external access and responses based on fetched content rather than the user's intended workflow.

Vague Triggers

Medium

Confidence: 94% confidence
Finding: Mode A explicitly lists ambiguous phrases like '帮我看XX' and 'XX热点', which are not specific to articles or news sources. An attacker or accidental user phrasing could trigger this skill in unrelated contexts, leading to unintended browsing, content retrieval, and summarization of external material.

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The trigger phrase '今天发生了什么' is conversationally common and lacks any scope limitation to news. Because Mode E performs multi-source fetching and aggregation, accidental activation could cause unnecessary external retrieval and unexpected behavior in normal conversation.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal