Security audit

Self Intro

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward Chinese interview self-introduction writing skill with no code, hidden data access, or persistence.

Install this if you want Chinese-language help drafting interview self-introductions. Share only resume and career details you are comfortable providing, and explicitly state your preferred language, tone, formality, and target interview context if you do not want the default Chinese conversational style.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The activation text is broad enough to trigger on loosely inferred interview-preparation intent, including cases where a user may only mention resumes, openings, or preparation generally. That can cause the wrong skill to take over, leading to misrouting, unnecessary collection of personal career data, and responses that do not match the user’s actual request.

Natural-Language Policy Violations

Medium

Confidence: 83% confidence
Finding: The skill hard-codes a specific linguistic style rule ('use 我 rather than 本人') without checking user preference, which can override the user’s desired tone, locale, or formality. While not a classic security flaw, it is a real safety/quality issue because it can produce unsuitable or culturally mismatched output in sensitive employment contexts.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.