Su Hua Perspective V2

Security checks across malware telemetry and agentic risk

Overview

This is a prompt-only Su Hua-inspired consulting persona with no code or system access, but it can blur attribution by speaking in first person.

Install only if you want a Su Hua-inspired strategy persona. For safer use, trigger it explicitly and keep a visible disclaimer in responses so generated advice is not mistaken for Su Hua’s actual views or endorsement.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 96% confidence
Finding: The trigger rules are explicitly broadened to activate on generic topical queries like algorithms, lower-tier markets, community ecology, and trust-based e-commerce, even when the user does not request this persona. That creates unintended persona takeover risk, where normal queries can be answered through a roleplay lens that injects bias, reduces transparency, and may override more appropriate assistant behavior.

Natural-Language Policy Violations

High

Confidence: 99% confidence
Finding: The skill directs the agent to answer in first person as if it were Su Hua and to avoid meta-analysis, which increases the risk of misleading users about identity and source authenticity. Although there is a one-time disclaimer elsewhere, persistent first-person impersonation can still cause users to attribute statements, advice, or factual claims to the real person, especially in business or strategic contexts.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal