用户反馈虾

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only Chinese skill for analyzing user feedback, with no code execution, installs, credentials, persistence, or external data transfer behavior found.

Safe to install for feedback-analysis workflows. Customer reviews, support tickets, and surveys can contain personal or sensitive business information, so redact identifiers where appropriate and specify the desired output language when working outside Chinese.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 92%
Finding
The skill includes very broad trigger phrases such as '建议', '痛点', '用户声音', and '满意度', which can appear in many unrelated conversations. This can cause unintended skill invocation, pulling the agent into the wrong workflow and potentially exposing user data or degrading task reliability when feedback analysis is not actually intended.

Natural-Language Policy Violations

Medium
Confidence: 84%
Finding
The skill description is written as Chinese-only and does not indicate any language negotiation or fallback behavior, which can override user preference or cause the agent to respond in an unexpected language. This is mainly a safety and usability issue because it can confuse users, reduce transparency, and increase the chance of mishandling instructions or data interpretation in multilingual contexts.

VirusTotal

66/66 vendors flagged this skill as clean.
