Back to skill

Security audit

English Reading Analyzer

Security checks across malware telemetry and agentic risk

Overview

This is a Chinese educational skill for analyzing English reading sentences and does not request sensitive access or perform actions outside that purpose.

Install this if you want Chinese-language help breaking down English reading passages. Be aware it may trigger on generic Chinese study phrases like “阅读理解” or “分析句子,” and it is likely to answer in Chinese unless the user or platform overrides that preference.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
90% confidence
Finding
The trigger phrases are broad, generic study-related terms such as '分析句子', '阅读理解', and '英语阅读', which can plausibly appear in ordinary conversation and may cause unintended activation. In this skill, the consequence is limited because the skill is educational and does not request sensitive data or perform privileged actions, but accidental invocation can still degrade user experience and route conversations unexpectedly.

Vague Triggers

Medium
Confidence
94% confidence
Finding
The trigger phrases are broad, generic study-language terms such as '分析句子', '阅读理解', and '英语阅读', which can cause the skill to activate in many normal educational conversations outside the user's specific intent. This creates routing/invocation risk: the wrong skill may take over, leading to unintended behavior, degraded user experience, or interference with other more appropriate skills.

Natural-Language Policy Violations

Medium
Confidence
90% confidence
Finding
The skill content consistently mandates Chinese output and workflow behavior without checking the user's language preference or asking for consent. In a multi-language assistant environment, this can override user intent, reduce accessibility, and cause incorrect or unusable responses when the user expects English or another language.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.