视频生成提示词优化

Security checks across malware telemetry and agentic risk

Overview

This is a prompt-writing helper for AI video generation, with no executable code or sensitive access; its main caveats are broad activation wording and a Chinese-first output format.

Install this if you want a Chinese-guided assistant for crafting English AI video prompts. Expect it to route some broad video or scene-description requests into this workflow, and expect surrounding explanation to be in Chinese unless the skill is revised or overridden by the user.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (2)

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The skill description contains many broad trigger phrases plus a catch-all clause for semantically similar requests, which can cause the skill to be invoked for loosely related user intents. This increases the chance of inappropriate routing, overshadowing more suitable skills, and unexpected behavior in multi-skill environments.

Natural-Language Policy Violations

Medium

Confidence: 89% confidence
Finding: The skill strictly requires a Chinese introductory section and output format regardless of the user's language, which can override user preferences and cause language-mismatch responses. While not a direct security exploit, this can degrade reliability, confuse users, and create policy/UX issues when the surrounding system expects language preservation.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal