Back to skill

Security audit

mommy-role-research 妈妈系角色研究

Security checks across malware telemetry and agentic risk

Overview

This is a prompt-only research and writing skill for Chinese editorial briefs, with no code, credentials, persistence, or hidden system access.

Safe to install as a prompt-only research aid. Be aware it is designed to steer relevant work toward Chinese editorial formats, and review generated sources and interpretations carefully before publishing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
86% confidence
Finding
The trigger phrases for mode selection are very broad (e.g., update, briefing, 最近讨论), which can cause the skill to activate for ordinary research requests that were not intended to use this specialized prompt. In an agent environment, overbroad invocation increases prompt-scope capture risk: unrelated user requests may be silently routed through this skill's editorial framing and output constraints.

Vague Triggers

Medium
Confidence
83% confidence
Finding
The skill description defines a very wide thematic scope spanning research, discourse, media, psychology-adjacent terms, fandom, gender, and AI companionship without clear boundaries. Such breadth makes accidental invocation and overreach more likely, allowing the skill to shape responses in contexts beyond what the user intended.

Natural-Language Policy Violations

Medium
Confidence
91% confidence
Finding
The rule 'Write the final response in Chinese unless the user explicitly asks otherwise' overrides normal user-language expectations and can force output transformation without affirmative consent. In agent settings, this can degrade usability, interfere with downstream tooling, and create a subtle prompt-priority conflict where the skill imposes formatting behavior beyond the user's request.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.