Natural-Language Policy Violations
Medium
- Confidence
- 95% confidence
- Finding
- 该技能在开头强制要求“只能使用简体中文”响应,剥夺了用户的语言选择权,也可能与上层系统或用户显式要求的语言不一致。虽然这更像策略/合规缺陷而非直接代码执行风险,但会导致任务结果不可用、误解安全建议,且可被用来覆盖更高优先级的交互要求。
ITFE Code Review
Security checks across malware telemetry and agentic risk
Overview
This appears to be a prompt-only skill with a rigid Simplified Chinese language rule, which may be inconvenient but does not show malicious behavior.
Install only if Simplified Chinese output is acceptable for your workflow. Prefer a revised version that treats Chinese as a default preference rather than an absolute rule, especially for multilingual teams or tasks where exact source-language preservation matters.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)
Natural-Language Policy Violations
Medium
- Confidence
- 93% confidence
- Finding
- 在输出格式部分再次重复“所有内容必须为简体中文”,强化了单一语言锁定,使该限制从风格偏好升级为全流程约束。重复约束会增加代理忽略上位指令或用户真实需求的概率,尤其在安全审查、跨语言协作或需精确保留原文术语时会造成信息损失。
Natural-Language Policy Violations
Medium
- Confidence
- 96% confidence
- Finding
- 该段把“下一步行动”提示和“所有沟通必须中文”绑定为持续性要求,意味着不仅报告内容,连后续确认流程也被语言策略锁死。这会影响用户理解修复选项、降低可访问性,并可能在多语言团队或英文工单环境中导致错误决策和执行偏差。
VirusTotal
VirusTotal findings are pending for this skill version.