S2 中国品牌个性量表演算模型

Security checks across malware telemetry and agentic risk

Overview

This is a China-market brand personality analysis prompt skill with language and scoping caveats, but no evidence of harmful behavior.

Install this if you want a specialized Chinese-market brand personality analysis framework. Before relying on results, clarify whether values are simulated or search-derived, provide competitors for context, and ask for your preferred language or market scope if Chinese-localized analysis is not what you want.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 94% confidence
Finding: The README says to 'wake up this SKILL' and provide a brand name, but it does not define a precise trigger phrase, activation scope, or clear boundary for when the skill should engage. In agent environments, overly broad invocation language can cause accidental or context-inappropriate activation, making the skill easier to invoke unintentionally and increasing the chance of misuse or prompt-scope confusion.

Natural-Language Policy Violations

Medium

Confidence: 95% confidence
Finding: The skill text directs the agent to operate in Chinese only ('你是...' and the protocol is entirely Chinese) without giving the user a language choice or opt-in. This can override user language preference, reduce transparency, and increase the risk of misunderstanding or unsafe downstream actions if a user cannot accurately review the output.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal