Strongest Brain (最强大脑) AI Company Workflow Specification

Security checks across malware telemetry and agentic risk

Overview

This skill is a planning-and-confirmation workflow guide, with no code, hidden install steps, credential use, or automatic system changes.

Install this if you want the assistant to slow down and ask for explicit confirmation before acting. Expect extra planning prompts on ordinary tasks, and review plans carefully before replying “确认执行” (“confirm execution”), especially for Git, deployment, API, or file-changing work.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence: 92%
Finding
The trigger condition '用户提出新任务' (“the user raises a new task”) is so broad that this workflow can attach itself to essentially any incoming request, forcing a mandatory planning/confirmation wrapper even when the user did not ask for it. In an agent system, over-broad activation can cause prompt hijacking of normal interactions, create denial-of-service-like friction, and interfere with higher-priority safety or system behaviors.

VirusTotal

64/64 vendors flagged this skill as clean.