Peng Lei Perspective V2

Security checks across malware telemetry and agentic risk

Overview

This is a text-only Chinese persona/advice skill with some usability concerns but no evidence of unsafe access, execution, or hidden behavior.

Install this if you want a Chinese-language business and leadership perspective skill. Be aware it may activate on general management topics, so use explicit phrasing when you do or do not want the Peng Lei persona applied.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 95% confidence
Finding: The activation rules include broad business phrases such as '组织文化', '人才发展', and '用户洞察', which are common in many ordinary conversations. This can cause the skill to trigger unintentionally, overriding user intent or injecting a persona-specific framing when the user did not ask for it, which is a prompt-routing integrity issue.

Natural-Language Policy Violations

Medium

Confidence: 86% confidence
Finding: The skill is written entirely in Chinese and defines output style and example responses only in Chinese, without stating that the assistant should preserve or adapt to the user's language. This can lead to unwanted language switching, reduced usability, and possible mishandling of user intent in multilingual settings, though it is not directly a security-critical flaw.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal