Business Domain Payload

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only Chinese business workflow catalog with no executable code or hidden access behavior.

Installers should treat this as a broad business-process reference pack. Review outputs before using them for public posts, CRM updates, compliance decisions, budgets, or regulated filings, and avoid giving it sensitive customer or business data unless that is intended for the task. Non-Chinese users may need to ask the agent to translate or adapt the workflow to their preferred language and locale.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Natural-Language Policy Violations

Medium

Confidence: 95% confidence
Finding: The file is entirely written in Chinese and presents itself as a universal business task catalog, which effectively constrains interaction to a specific language/locale without any visible opt-in or fallback. While not directly exploitable like code execution, this can cause the agent to ignore user language preferences, reduce usability, and lead to misunderstandings in downstream business, compliance, or operational tasks.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal