Back to skill

Security audit

scene-analysis

Security checks across malware telemetry and agentic risk

Overview

This is a Markdown-only business evaluation skill with disclosed, purpose-aligned scoring instructions and no code execution, persistence, credentials, or network access.

Install this if you want a Chinese-language structured business scenario scoring framework. Treat the output as advisory decision support, especially when the input evidence is incomplete or inferred, and avoid supplying confidential contracts or internal process details unless you are comfortable sharing them with the agent running the skill.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Intent-Code Divergence

Medium
Confidence
92% confidence
Finding
The document claims scoring must rely only on user-provided evidence, but then permits logical inference to substitute for missing evidence. This creates an inconsistent decision policy that can be exploited to justify unsupported conclusions, weakening review rigor and enabling arbitrary or biased approvals or rejections.

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The earlier section allows missing evidence to be replaced by logical inference, but Gate0 later states missing required evidence causes automatic elimination. This contradiction can lead an agent to misapply the process, producing inconsistent outcomes and making the control gate unreliable under adversarial or low-quality inputs.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The skill’s trigger condition is broadly defined as any time a user wants to evaluate a business scenario, investment review, or rating report, without clear boundaries on domain, required inputs, or disallowed contexts. This can cause over-triggering and inappropriate invocation, leading the agent to apply rigid decision logic to unrelated or underspecified requests and potentially produce misleading business judgments.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.