技术解释器（当你发来一句或一段包含技术名词的文本时，自动识别其中的专业术语，用"是什么 → 解决什么问题 → 通俗比喻"的三步法，为没有技术背景的小白逐个解释每一个陌生词汇。）

Security checks across malware telemetry and agentic risk

Overview

This is a Chinese-language technical term explainer made only of Markdown instructions and a glossary, with no code, credentials, persistence, or external data access.

Install this if you want Chinese, beginner-friendly explanations of technical terms. Do not paste secrets or sensitive private text into prompts, and verify important technical details because the skill favors simple analogies over exhaustive precision.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The trigger conditions are broad enough to activate on generic educational or explanatory requests, which can cause the skill to overtake conversations outside a narrowly defined scope. This is not directly a code-execution or data-exfiltration issue, but it can lead to unintended invocation, reduced user control, and inappropriate routing of requests.

Natural-Language Policy Violations

Medium

Confidence: 78% confidence
Finding: The skill is written to produce Chinese-language, colloquial output without any user language choice or documented locale restriction. In multilingual environments this can cause misuse or misrouting, making the skill respond in an unexpected language and reducing usability or policy compliance, though it is not inherently a severe security flaw.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal