Identity Primitive Chain Prompt

Security checks across malware telemetry and agentic risk

Overview

This skill is presented as a prompt protocol, but it carries broad natural-language commands that change agent behavior and expose internal processing to tools or plugins.

Review the protocol text before installing. Use it only in low-sensitivity sessions unless it is changed to keep system/developer policies immutable, avoid chain-of-thought or hidden-prompt disclosure, and prevent tools or plugins from receiving detailed internal traces without explicit, minimized user approval.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Ssd 1

Severity: Medium
Confidence: 96%
Finding
The protocol exposes natural-language controls such as '卸载协议' (unload protocol), '加载协议' (load protocol), '修改协议' (modify protocol), and '补充协议' (supplement protocol) that purport to change or remove the active governing behavior. In an agent setting this creates a semantic prompt-injection surface: a user, or content embedded in a tool result or document, can attempt to override higher-priority safety or policy constraints, which makes the skill materially more dangerous than an ordinary prompting framework.

Ssd 3

Severity: High
Confidence: 98%
Finding
The skill defines a command to '展示每个基元的输入处理输出和身份叠加' (show each primitive's input, processing, output, and identity overlay) and further allows those process details to be redirected so that '工具' (tools) or '插件' (plugins) can view them. This is a direct natural-language pathway for exposing internal reasoning, intermediate data, sensitive user inputs, and hidden instructions to external channels, which is especially risky in an agent environment where tools or plugins can transmit data outside the session.

VirusTotal

66/66 vendors flagged this skill as clean.
