🇺🇸 美国最新关税政策查询

Security checks across malware telemetry and agentic risk

Overview

This appears to be an informational tariff and trade-policy lookup skill with some broad examples, but no evidence of hidden access, persistence, credentials, mutation, or destructive behavior.

Use this skill as a research aid for tariffs and trade-policy questions, and verify time-sensitive rates, exemptions, and legal compliance against official sources before acting on them.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The skill description promises broad natural-language tariff and policy lookup without clearly defining activation boundaries, exclusions, or limits on related trade-policy analysis. In agent environments, this can cause over-broad triggering and unintended invocation for adjacent topics, leading to irrelevant web access, user confusion, or the skill shaping responses outside its intended scope.

Vague Triggers

Medium

Confidence: 95% confidence
Finding: The example query about '中美贸易摩擦对电子产品的影响' expands the skill from concrete tariff lookup into broad trade-policy interpretation and strategic analysis. That wider scope increases the chance the agent invokes this skill for policy commentary rather than bounded tariff retrieval, which can produce overreach, inaccurate guidance, or inappropriate tool use.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal