Summarize Pro

Security checks across malware telemetry and agentic risk

Overview

This is a document summarization instruction skill with no executable code, credential access, persistence, or hidden data handling.

Reasonable to install if you want a document summarization helper, but confirm the exact package name and version first because the metadata is inconsistent. For contracts, legal material, or confidential reports, only provide documents you intend the agent to process and verify summaries against the original text.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 83% confidence
Finding: The description uses broad natural-language phrasing like '长文档、合同、文章扔进来' and '自动抽骨架', which can match ordinary user conversation rather than an explicit opt-in command. In agent environments that route by semantic similarity, this increases the chance of accidental invocation on unrelated content, potentially causing unintended processing of sensitive documents such as contracts or reports.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal