Yu Liang Perspective V2

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only business persona skill with low-impact activation-scope caveats and no evidence of hidden code, data access, persistence, or destructive behavior.

Install this only if you want a Yu Liang/Vanke-style strategic business framing. Consider editing the trigger words to require explicit opt-in, and treat outputs as role-play business advice rather than official statements or verified financial guidance.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The trigger list includes broad everyday phrases such as “活下去” and “现金流为王,” which can appear in ordinary business discussions unrelated to intentional skill activation. This can cause accidental invocation of the persona and unintended response shaping, reducing user control and making downstream behavior less predictable.

Natural-Language Policy Violations

Medium

Confidence: 87% confidence
Finding: The skill instructs the agent to respond directly in a fixed persona and style after activation, without offering a language/style choice or explicit ongoing opt-in. This can override normal assistant behavior and user expectations, especially if activation was accidental, leading to confusing or unwanted responses.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal