Back to skill

Security audit

高考志愿填报智能指导

Security checks across malware telemetry and agentic risk

Overview

This is a text-only Gaokao admissions-planning skill with no code execution, credential access, persistence, or hidden data flow.

Safe to install from a security perspective. Use it as planning support only, share only the exam and preference details needed, and verify score lines, ranks, admission rules, and final choices with the relevant provincial examination authority and official school admissions materials.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
88% confidence
Finding
The skill’s trigger description is broad enough to match many general education or advice queries, which can cause the agent to activate outside its intended high-school admissions niche. Over-broad activation increases the chance of misrouting user requests, exposing users to low-quality or inapplicable guidance and potentially suppressing more appropriate specialist skills.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.