Tibetan Translation

Security checks across malware telemetry and agentic risk

Overview

This is a translation reference guide with no code execution, credential use, persistence, or hidden system access.

Safe to install as a translation aid. Review outputs for accuracy, register, cultural sensitivity, and religious terminology, especially for formal or Buddhist texts, and specify modern, mixed-script, transliteration, or Western punctuation preferences when needed.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The trigger phrase "any content" is overly broad and can cause this specialized skill to activate for nearly all English↔Tibetan translation requests, including cases where a more general translation or policy-aware skill should take precedence. This increases prompt-selection ambiguity and can lead to inappropriate application of domain-specific defaults such as religious terminology, register assumptions, or formatting conventions.

Natural-Language Policy Violations

Low

Confidence: 76% confidence
Finding: The skill presents Tibetan punctuation conventions as the default and uses strong prescriptive language, which can override user expectations in mixed-script, modern, educational, or transliteration contexts. While not a security exploit in the traditional sense, it can cause undesired output formatting and reduce reliability by imposing locale-specific conventions without checking user intent.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal