Streaming AI Retrieval Q&A Skill (流式AI检索问答技能)

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Chinese-language template for adding a streaming AI answer interface, with no hidden install behavior or unrelated system access.

Install this if you want a Chinese-language streaming AI answer/RAG UI template. Before using it in production, keep provider API keys on the server, review prompts and disclaimers for medical, legal, financial, or government use, and adapt language and citation rules to the target users and jurisdiction.

SkillSpector (by NVIDIA)
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Vague Triggers (Severity: Medium, Confidence: 93%)

Finding:
The activation criteria are so broad that this skill could trigger for many generic AI, search, assistant, or knowledge-base requests outside its intended scope. Over-broad activation increases the chance of inappropriate skill selection, causing unintended behavior, misapplied UI/prompt patterns, and possible disclosure or mishandling of context in sensitive domains like medical, legal, or enterprise knowledge systems.

Natural-Language Policy Violations (Severity: Medium, Confidence: 88%)

Finding:
The skill metadata and content are written to enforce Chinese-language behavior without stating user-consent, locale detection, or fallback behavior. In multilingual or regulated contexts, forcing a language can mislead users, cause misunderstanding of safety disclaimers, and increase the risk of incorrect implementation in medical, legal, or financial applications.

VirusTotal

63/63 vendors flagged this skill as clean.