小红书文案专家

Security checks across malware telemetry and agentic risk

Overview

This is a Xiaohongshu copywriting skill made only of prompt and reference text, with no executable code or system access.

Install this if you want Chinese Xiaohongshu-style marketing or lifestyle copy. Give clear instructions when facts must be preserved, review any generated product claims or personal-experience details, and disclose promotional or sponsored content where required.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The trigger conditions are broad enough to match common conversational terms such as '改写文案' or generic references to '爆款', which can cause the skill to activate outside its intended scope. This can lead to unwanted interception of unrelated requests and override more appropriate skills, reducing reliability and potentially causing incorrect outputs in benign user contexts.

Natural-Language Policy Violations

Medium

Confidence: 84% confidence
Finding: The skill hardcodes Chinese language, Xiaohongshu-specific style, and platform-specific norms without any locale or language negotiation. If invoked for users with different language preferences or contexts, it can produce inappropriate or unusable content and may override user intent, though this is primarily a quality and safety-of-operation issue rather than a direct security compromise.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal