techflow-news

Security checks across malware telemetry and agentic risk

Overview

This skill summarizes public Chinese TechFlow news from a fixed website and does not request sensitive access or system changes.

Install this if you want Chinese TechFlow-only news summaries. For broader news coverage or another language, ask your agent to use other sources or clarify the source before relying on the summary.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The skill is triggered by very generic requests like '今天有什么新闻' or '汇总今天的文章', which overlap with normal user intents that do not explicitly ask for this specific source. That can cause over-broad routing and silently force the assistant to use this skill and its single-source scraping behavior when the user may have intended a broader or different news summary.

Natural-Language Policy Violations

Low

Confidence: 81% confidence
Finding: The skill hardcodes a Chinese locale/source variant (`?lang=zh-CN`) without indicating that this is a source-specific or language-specific choice. This can bias results, reduce user autonomy, and produce mismatched outputs for users who did not request Chinese-language content or this particular regional variant.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal