Back to skill

Security audit

Shangan Gongkao

Security checks across malware telemetry and agentic risk

Overview

This skill is a plain instruction file for Chinese civil-service exam study help, with disclosed use of a specific local study-materials folder.

Install this if you want an agent to use your local Chinese civil-service exam materials, especially the folder E:\公考\公考-上岸资料整理, to answer exam-prep questions. Avoid using it for unrelated study or note-organization tasks if you do not want that folder consulted.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
92% confidence
Finding
The skill description is broadly phrased around organizing materials, building plans, searching notes, and generating study artifacts, which could cause the orchestrator to invoke it for many generic education or productivity requests. Over-broad routing can expose local file access behavior and cause the agent to inspect `E:\公考\公考-上岸资料整理` even when the user's request does not truly require this skill, creating unnecessary data exposure and unintended tool use.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.