Back to skill

Security audit

Esl Ep Grader

Security checks across malware telemetry and agentic risk

Overview

This is a simple homework-grading prompt for elementary ESL work, with no code, installation steps, credentials, or hidden system access.

Safe to install for its stated use. Because it is intended for student homework, users should avoid submitting unnecessary personal details about children and should set feedback_lang to English or bilingual when Chinese feedback is not desired.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Natural-Language Policy Violations

Medium
Confidence
92% confidence
Finding
The skill hardcodes its operational prompt entirely in Chinese and defaults feedback to zh-CN without requiring explicit user preference or preserving the conversation language. In a multi-language assistant, this can override user expectations, produce inaccessible output, and create policy/compliance issues around language handling, especially when the user did not request Chinese output.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.