Yq Prompt Optimizer

Security checks across malware telemetry and agentic risk

Overview

This is a text-only prompt-optimization skill with no executable code, persistence, credential access, or hidden data flow.

Install this if you are comfortable using a Chinese-language prompt optimizer. Non-Chinese users may prefer a language-aware alternative, but there is no evidence here of hidden execution, data collection, credential use, or destructive behavior.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Natural-Language Policy Violations

Medium

Confidence: 93% confidence
Finding: The skill is authored entirely as mandatory Chinese instructions and does not offer any language negotiation or fallback behavior. This can coerce users into a language they may not understand, increasing the chance of confusion, mis-consent, or misuse of optimized prompts, especially when the skill is invoked in multilingual environments.

Natural-Language Policy Violations

Medium

Confidence: 95% confidence
Finding: Requiring a fixed Chinese welcome message to be displayed in full on first interaction forces a non-optional language-specific output before the assistant can adapt to user needs. This may mislead or exclude users who cannot read Chinese, and it can interfere with safe and effective interaction by prioritizing rigid boilerplate over comprehension and consent.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal