YES.md 中文版

Security checks across malware telemetry and agentic risk

Overview

This is a Chinese instruction-only engineering workflow skill that is broad but transparent and does not include hidden code, persistence, credential handling, or data exfiltration.

Install this if you want a Chinese workflow skill that makes the agent gather evidence, use tools before guessing, back up files before risky edits, and verify results. Keep normal approval controls for production deployments, database changes, and commands that read sensitive environment details.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

High

Confidence: 94% confidence
Finding: The activation criteria are so broad that this skill can trigger for routine development, debugging, deployment, configuration, and data tasks, effectively making it a near-global behavioral override. That increases the chance of unintended invocation, instruction conflicts with other skills, and over-application of rigid procedures in contexts where they may be unsafe, inapplicable, or disruptive.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal