Test

Security checks across malware telemetry and agentic risk

Overview

This is a simple AI news digest skill whose web-search behavior matches its purpose, with only minor routing and language-scope caveats.

Install this if you want AI-industry news digests and are comfortable with the agent searching and fetching web pages for current news. Ask explicitly for your preferred language or format, and only request Feishu output when you want it to create a document there.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 89%
Finding
The manifest description includes broad activation phrases like 'tech news summary' and 'daily AI industry update', which can over-trigger the skill for generic news-related requests outside its narrow intended use. Overbroad invocation increases the chance the agent selects this skill in inappropriate contexts, causing unintended web access, irrelevant tool use, or response hijacking away from better-matched skills.

Natural-Language Policy Violations

Medium
Confidence: 82%
Finding
The skill states '中文输出' as a mandatory quality requirement without clearly conditioning that behavior on user preference. This can override the user's requested language or system language policy, leading to policy non-compliance and degraded user trust, though it is not a direct code-execution or data-exfiltration risk.

VirusTotal

65/65 vendors flagged this skill as clean.
