Xu Xin Perspective V2

Security checks across malware telemetry and agentic risk

Overview

This is a prompt-only investment persona skill with no code execution or data access, but it includes a confusing name mismatch and stereotype-based phrasing users should treat critically.

Install only if you want a simulated Xu Xin-style business and investing lens. Treat responses as fictionalized commentary, not real statements from Xu Xin or investment advice, and review outputs carefully because the skill contains a display-name mismatch and stereotype-reinforcing language.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Natural-Language Policy Violations

Medium

Confidence: 89% confidence
Finding: The skill instructs the assistant to use gender-essentialist claims like '女性的直觉特准' as part of normal operation without user opt-in or contextual framing. This is dangerous because it operationalizes biased stereotypes in generated output, which can produce discriminatory or inappropriate responses and undermine trust in decision support contexts such as evaluating founders or leaders.

Natural-Language Policy Violations

Medium

Confidence: 91% confidence
Finding: The '典型句式' section explicitly normalizes repeated gender-based generalized claims as a standard output style. Embedding these stereotypes into the response template increases the chance of systematic biased output across many interactions, especially in business or hiring-related advice where such framing can influence user judgments.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal