李诞写作心法

Security checks across malware telemetry and agentic risk

Overview

This is a writing-style skill with a simple local article checker, and its behavior matches its stated purpose.

Install this if you want a Chinese long-form writing framework for explanatory articles. Be aware it may activate for broad writing or explanation requests and steer outputs into this style. Only run the quality-check script on article files you intend it to read.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 86% confidence
Finding: The trigger conditions are broad enough to activate on many ordinary requests such as 'explain X' or 'write an article about X,' which can cause the skill to override user intent unexpectedly. Over-broad auto-activation can lead to prompt hijacking of benign workflows, forced formatting, and reduced user control over how the assistant responds.

Natural-Language Policy Violations

Medium

Confidence: 77% confidence
Finding: The skill strongly prescribes Chinese-language style and output behavior without checking user language preference or declaring a justified locale restriction. While not a classic security bug, this can create policy and control issues by causing unintended language switching, misleading outputs, or poor interoperability in broader agent workflows.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal