每日简报生成器

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This is a straightforward Chinese daily briefing skill that fetches public news sources and writes a local Markdown report, with no evidence of hidden credential access, destructive behavior, or exfiltration.

Install this only if you are comfortable with the skill making outbound requests to public news and developer sites when you ask for a briefing, and with generated reports being saved locally. Important news or business decisions should still be verified against the original sources.

SkillSpector (3)

By NVIDIA

Vague Triggers

Medium

Confidence: 80% confidence
Finding: The trigger phrases like '给我今天的简报' and '生成一份今日科技简报' are broad, natural requests that can easily overlap with ordinary assistant usage. This can cause the skill to activate unexpectedly, leading to unsolicited network retrieval, source bias, or execution of its workflow when the user did not explicitly intend to invoke this specific skill.

Natural-Language Policy Violations

Medium

Confidence: 86% confidence
Finding: The skill description hard-codes Chinese output and frames the briefing around Chinese-language presentation without obtaining user preference. While not directly enabling code execution, it can override user intent, reduce relevance for non-Chinese users, and silently bias outputs toward one language/locale.

Natural-Language Policy Violations

Low

Confidence: 83% confidence
Finding: The workflow explicitly prioritizes Chinese information sources without offering a language or locale choice. In a news aggregation context this can bias coverage and omit relevant global sources, especially when broad trigger phrases may auto-activate the skill.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal