ALIWAY

Security checks across malware telemetry and agentic risk

Overview

This skill is a writing-style helper for Alibaba-like Chinese strategic documents and does not request system access or sensitive permissions.

Install this if you specifically want Chinese strategic-document rewrites in an 阿里味/P10 style. Be aware it may trigger on broad business-strategy wording and make outputs more forceful or culturally specific, so explicitly tell your agent to preserve the original tone or not use the skill when that matters.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 93% confidence
Finding: The manifest advertises activation on very broad keywords such as 'CTO视角', '使命愿景', '顶层设计', and general strategic-writing requests, which can cause the skill to trigger outside its narrow intended use. Over-broad activation increases the chance of prompt hijacking at the routing layer, where the assistant may apply this prescriptive style to unrelated user tasks and override user intent or more appropriate skills.

Natural-Language Policy Violations

Medium

Confidence: 84% confidence
Finding: The skill is written as a strongly opinionated Chinese '阿里味/P10' style transformation and does not indicate any opt-in, fallback, or preservation of the user's original language/tone preferences. If auto-selected, it can impose a specific cultural and linguistic framing on outputs, causing misleading tone shifts, reduced usability, and user-intent mismatches rather than direct code-execution risk.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal