Back to skill

Security audit

Universal Task OS

Security checks across malware telemetry and agentic risk

Overview

This appears to be a text-only Chinese task/innovation workflow skill with broad activation wording but no evidence of hidden code execution, data access, persistence, or exfiltration.

Install this only if you want a Chinese-language general workflow framework to influence task planning. Use explicit invocation where possible, and do not let its 'any task' framing override professional, legal, medical, financial, or security-specific safeguards.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

Medium
Confidence
92% confidence
Finding
The trigger phrases are very broad and include generic terms such as '执行', '内容', '创新', '任务系统', and '全栈任务', which are likely to appear in many normal prompts. This can cause unintended skill activation, leading the agent to apply this skill in contexts where it was not explicitly requested and potentially override more appropriate instructions or workflows.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The trigger list is extremely broad and contains common workflow terms such as 'Pipeline', '任务分解', and '工作流', which are likely to appear in ordinary user requests. This creates a prompt-routing vulnerability where the skill may activate unintentionally, causing unrelated conversations to be reframed through its task-decomposition system and potentially overriding more appropriate instructions or safety posture.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The file repeatedly claims universal applicability to 'any domain' and 'any task' without defining exclusions, limits, or handoff conditions. That ambiguity is dangerous because it encourages the agent to apply the skill in sensitive domains like law, medicine, finance, or security-critical operations even when the framework is not appropriate, increasing the chance of unsafe automation or overreach.

Natural-Language Policy Violations

Medium
Confidence
95% confidence
Finding
The file is written entirely in Chinese and does not offer a language choice, opt-in, or fallback, which can cause users or downstream agents to misunderstand instructions or operate the skill without informed comprehension. In a general-purpose skill advertised for arbitrary tasks, this increases the risk of misuse, incorrect execution, and failure to notice unsafe or sensitive guidance because the language barrier affects the whole workflow.

Natural-Language Policy Violations

Medium
Confidence
94% confidence
Finding
The skill is authored entirely in Chinese and repeatedly frames its operating instructions, schemas, and examples in Chinese without any mechanism to detect or honor the user's preferred language. In practice this can cause misunderstanding of task constraints, safety requirements, or outputs for non-Chinese-speaking users, which is a real usability and safety issue even though it is not a classic exploit primitive.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.