Context-Inappropriate Capability
Medium
- Confidence
- 95% confidence
- Finding
- 该技能将“必须执行”WebSearch用于搜索工业界应用,属于与用户核心算法求解需求不直接相关的外部数据访问。即使表面用途正常,也会在每次解题中扩大数据外发面,并可能把用户题目、上下文或专有问题描述发送给外部搜索服务,带来不必要的隐私、合规和提示注入风险。
algorithm-solver
Security checks across malware telemetry and agentic risk
Overview
This skill is an algorithm-solving coach whose tool use is disclosed and mostly purpose-aligned, with some privacy and over-triggering caveats.
Install if you want a structured algorithm-coaching workflow and are comfortable with generated code being run for tests. Avoid including private or proprietary problem statements when the skill may use WebSearch, and be aware it may respond in Chinese and activate broadly on algorithm-related prompts.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
- Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)
Vague Triggers
Medium
- Confidence
- 87% confidence
- Finding
- 该技能描述称在用户提出算法题、数据结构问题、或要求解题时自动触发,范围较宽,容易与普通编程问答、教育解释甚至泛化技术讨论重叠。误触发后会导致不必要地调用 Bash、WebSearch 等工具,增加外部访问、执行复杂度和越权处理用户请求的机会。
VirusTotal
64/64 vendors flagged this skill as clean.