Enhanced Prompt Suite

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a broad prompt-template skill, but it enters medical and financial advice areas without clear safety boundaries.

Install only if you intentionally want a broad prompt-template skill and are comfortable policing its use yourself. Do not rely on its medical or investment outputs for real diagnosis, treatment, medication, portfolio construction, or financial decisions unless the publisher adds clear opt-in modes and domain-specific safety guardrails.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (4)

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The skill uses broad '执行协议等待指令' style handlers with weak trigger constraints, which makes the skill easy to activate for many unrelated user requests. In an agent environment, this can cause overbroad prompt capture and unintended steering of downstream behavior, especially because the templates prescribe how answers should be structured by default.

Vague Triggers

Medium

Confidence: 93% confidence
Finding: The file defines many generic domain templates as universal instruction handlers across medicine, finance, software, security, education, and more. This breadth increases the chance that normal user queries are intercepted or heavily shaped by the skill, creating prompt overreach and making policy-sensitive domains easier to engage without dedicated safeguards.

Missing User Warnings

High

Confidence: 97% confidence
Finding: The medical template explicitly maps '疾病症状' to '诊断药物疗程' and can generate a '完整治疗' output without any disclaimer, triage guidance, or referral to licensed professionals. That creates a direct risk of unsafe medical advice, inappropriate drug recommendations, and harmful self-treatment in a high-consequence domain.

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The investment template generates a '完整组合' or '完整策略' from risk/return/liquidity factors but does not warn that content is not financial advice or that losses may occur. Users may over-rely on generated investment allocations, exposing them to avoidable financial harm and potential compliance issues.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal