Back to skill

Security audit

AI印刷设计师

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only Chinese print-design helper with no evidence of system access, credential use, persistence, or hidden behavior.

This skill appears safe to install for Chinese-language print design and prepress advice. Users should still confirm exact print specifications, color profiles, and production requirements with their print vendor before sending files to production.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
89% confidence
Finding
The trigger phrases are broad enough to match generic design-related requests such as layout help or design advice, which can cause the skill to activate outside its intended print-design scope. This is risky because it may override user intent, inject irrelevant specialized instructions, or interfere with safer or more appropriate skills in multi-skill routing.

Natural-Language Policy Violations

Medium
Confidence
82% confidence
Finding
The skill metadata and role definition assume Chinese-language interaction without offering a language fallback or user-choice mechanism. While not a direct code-execution issue, this can lead to misinterpretation of user requests, incorrect safety-critical print specifications, or degraded usability when the user's preferred language differs.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.