Back to skill

Security audit

Mathmodel Master Full

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed math-modeling competition assistant with no evidence of malware, hidden data access, or unsafe persistence.

Install if you want a Chinese math-modeling competition workflow. Be explicit when you only want a partial answer, a non-Chinese response, or a different paper/template style, because the skill strongly defaults to full CUMCM-style paper generation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (14)

Vague Triggers

Medium
Confidence
93% confidence
Finding
The trigger conditions are broad enough to activate on generic requests like '帮我建模' or mentions of optimization/statistical modeling outside the intended competition context. This can cause the agent to route unrelated tasks into this skill, applying inappropriate assumptions and prompting behavior that may override user intent or load unnecessary resources.

Natural-Language Policy Violations

Medium
Confidence
95% confidence
Finding
The skill hard-codes a complete paper as the mandatory final deliverable, regardless of the user's actual request. This is dangerous because it removes user choice, can cause excessive or irrelevant output, and may push the agent to fabricate sections, results, or analysis that were never requested or supported by available data.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The activation description is broad enough to trigger on generic requests about optimization, differential equations, statistics, machine learning, or LaTeX writing, which extends far beyond the stated niche of math-modeling competitions. This can cause unintended routing to a highly prescriptive skill that may override more appropriate specialized or safety-tuned skills, increasing the chance of irrelevant, overconfident, or policy-misaligned outputs.

Natural-Language Policy Violations

Medium
Confidence
84% confidence
Finding
The skill is framed as a mandatory Chinese-language persona without offering adaptation to the user's language, which can cause inappropriate activation behavior and reduce user control over outputs. While not a classic security flaw, rigid language enforcement can degrade transparency and predictability, especially if the skill is invoked for users expecting another language or for downstream systems assuming language alignment.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The invocation guidance is broad: when a user asks to generate papers, modeling code, or templates, the skill should be called. This can match many ordinary educational or coding requests and may cause the agent to activate the skill unnecessarily, overriding better-scoped tools or injecting domain-specific behavior where it was not requested.

Natural-Language Policy Violations

Medium
Confidence
84% confidence
Finding
The skill description is written only in Chinese and frames the skill around Chinese-language competition materials without indicating language flexibility. In practice, this can push the agent toward Chinese-only outputs or assumptions that do not match the user's language, reducing usability and potentially causing unintended behavior in multilingual contexts.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The manifest uses very broad natural-language routing conditions such as 'full paper structure', 'beautiful figures', or 'matplotlib', which can be triggered by many unrelated user requests. In a skill-loading system, this can cause over-broad inclusion of deep reference files, expanding the prompt surface and potentially pulling in unintended instructions or sensitive guidance that was not necessary for the active task.

Natural-Language Policy Violations

Medium
Confidence
89% confidence
Finding
The skill content is entirely in Chinese and gives writing guidance only in Chinese, without any indication that the user's language preference should control output. In an agent setting, this can override or bias responses away from the user's requested language, causing prompt-quality and usability issues; while not a direct security exploit, it is a real policy/control weakness because the skill can steer model behavior without opt-in.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The activation condition is very broad ('when needing to control final paper length, chart count, aesthetics, formula density, algorithm depth, or content fullness'), which can cause this reference to be pulled into many unrelated tasks. That increases the chance the agent applies rigid paper-expansion and formatting directives even when the user did not request them, leading to scope creep and instruction override behavior.

Natural-Language Policy Violations

Medium
Confidence
95% confidence
Finding
This file imposes Chinese-language and font-formatting requirements as mandatory defaults without checking whether the user wants a Chinese paper or is operating in a different locale. In an agent setting, that can silently override user instructions, produce unusable deliverables, or force locale-specific formatting into contexts where it is inappropriate.

Natural-Language Policy Violations

Medium
Confidence
95% confidence
Finding
Mandating Chinese font usage for all chart text without user opt-in hard-codes a locale-specific presentation rule into generated outputs. This can break compatibility with non-Chinese documents, reduce portability across environments lacking the fonts, and cause the agent to ignore user or publisher formatting requirements.

Natural-Language Policy Violations

Medium
Confidence
93% confidence
Finding
The final checklist turns Chinese locale formatting into a mandatory gate before delivery, which operationalizes the override risk throughout the workflow. Because it is framed as a must-pass check, the agent may prioritize these locale rules over the user's actual requirements, making the skill more dangerous than a mere style suggestion.

Natural-Language Policy Violations

Medium
Confidence
96% confidence
Finding
The skill hard-codes a specific Chinese/English font and formatting convention as the default output without any user opt-in or template check. This can override a user's preferred locale, accessibility, institutional style, or competition template requirements, causing misformatted deliverables and making the agent less responsive to user intent.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger condition is broad: any task involving model selection, variables, objective functions, constraints, algorithms, or solution explanation will load this stage. In an agent system, overly permissive activation can cause the skill to be invoked outside its intended scope, leading to unnecessary instruction injection into unrelated tasks, reduced controllability, and possible interference with safer or more specific skills.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.