段永平视角

Security checks across malware telemetry and agentic risk

Overview

This is a Chinese-language investment-perspective prompt skill with no executable code, credential access, local data access, or persistence.

Install this only if you want a Duan Yongping-style lens for business and investing questions. Verify any financial facts independently, do not treat responses as investment advice, and be aware that generic phrases like value investing or long-term holding may invoke the persona unintentionally.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The trigger set includes broad natural-language terms like '价值投资' and '长期持有', which are common phrases that can appear in many unrelated finance discussions. This can cause unintended invocation of the skill, leading to wrong persona injection, unexpected tool use guidance such as WebSearch, and reduced user control over when the skill activates.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal