Back to skill

Security audit

Agency Role Match

Security checks across malware telemetry and agentic risk

Overview

This is a low-risk Chinese role-selection workflow that reads local role definition files only after the user chooses a role.

Install this if you want a Chinese-oriented workflow for choosing among local agency roles. Be aware it may activate on common role/workflow requests, and ask it to use your preferred language or stop the workflow if it is not what you intended.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
93% confidence
Finding
The trigger phrases are broad and include common requests like "帮我找个角色" and "用工作流", which can cause this skill to activate in contexts where the user did not explicitly ask to invoke a role-matching workflow. Because the workflow then searches local role directories and steers the conversation into a fixed multi-step process, accidental invocation can override user intent and increase exposure to prompt/skill confusion or unintended file access behavior.

Natural-Language Policy Violations

Medium
Confidence
84% confidence
Finding
The skill is written to operate in Chinese and mandates Chinese-formatted interaction without offering a language choice, which can mis-handle user intent or conceal important workflow steps from users who do not read Chinese. In a security-sensitive agent setting, lack of language transparency can reduce informed consent and make it easier for users to approve role loading or workflow execution without fully understanding what is happening.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.