Info Vivid

Security checks across malware telemetry and agentic risk

Overview

This appears to be a chart/report generation skill with only a minor risk of activating on broad visualization requests.

Install if you want a general visualization/reporting helper. Be mindful that broad prompts like “visualize data” may route to this skill, so avoid including sensitive datasets unless you intend the skill to process them.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 87% confidence
Finding: The trigger phrases are broad generic requests such as '生成图表', 'visualize data', and 'render report', which can match many unrelated user intents. Overbroad activation can cause the skill to engage unexpectedly, increasing the chance of unwanted file generation or routing sensitive structured data into this skill when the user intended a different tool or no tool at all.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal