Back to skill

Security audit

Character Builder

Security checks across malware telemetry and agentic risk

Overview

This looks like a legitimate character-skill generator, but it should be reviewed because it can persist generated skills into a local skill directory without a clear confirmation or overwrite boundary.

Review before installing if you do not want generated characters to become persistent local skills. Use it only when you explicitly want a reusable Skill file, confirm the output path before writing, avoid overwriting existing skill folders, and narrow invocation phrases if your environment auto-routes skills from trigger text.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (6)

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The skill instructs writing generated output into a fixed local skills directory, which turns a content-generation prompt into one that performs persistent filesystem changes. If executed by an agent with write access, this can create or overwrite installed skills without clear user approval, enabling persistence and potentially altering future agent behavior.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The trigger list includes several broad, everyday phrases such as '创建角色', '角色设计', and '生成角色', which can match ordinary user requests outside the intended meta-skill context. This can cause unintended activation of a powerful skill that generates executable skill artifacts, increasing the chance of prompt-routing mistakes or misuse in contexts where the user did not explicitly request this capability.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The trigger phrases are broad and overlap with ordinary user language such as '生成角色' or '角色设计', making accidental activation more likely. In an agent environment, over-broad invocation can route benign conversations into a powerful skill that performs extensive generation steps and possibly file output, increasing the chance of unintended side effects.

Natural-Language Policy Violations

Low
Confidence
79% confidence
Finding
The exemplar hard-codes that the character '能说流利的上海话和国语,偶尔蹦出几句英语', which can cause the generated skill or character to impose specific languages/dialects without the user's explicit preference. This is not a classic security flaw, but it is a genuine policy/quality vulnerability because it can override user intent, reduce accessibility, or produce unwanted persona behavior in downstream skill generation.

Vague Triggers

Medium
Confidence
85% confidence
Finding
The trigger list includes broad, common phrases such as '生成角色', '创建角色', and '角色设计', which can appear in ordinary user conversations unrelated to explicitly invoking this skill. This increases the chance of accidental activation, unintended context switching, or prompt-routing into a powerful meta-skill that can generate executable role skills with embedded behavior constraints and orchestration logic.

Natural-Language Policy Violations

Medium
Confidence
80% confidence
Finding
The skill hard-codes Chinese as the interaction language ('正常中文交流') without offering language negotiation or user consent. While not a direct code-execution issue, this can cause user-intent mismatch, reduce transparency, and in multilingual environments may lead users to misunderstand generated instructions or behavioral constraints embedded in the produced skill.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

No suspicious patterns detected.