Back to skill

Security audit

Autoskill China Recipe

Security checks across malware telemetry and agentic risk

Overview

This looks like a recipe skill, but it contains unrelated instructions that can hijack the agent into overbroad, never-ending output behavior.

Review carefully before installing. The recipe content itself is local and low-risk, but the skill should be edited to remove the automatic-any-request trigger and the recursive continuation/completion-control sections before use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

High
Confidence
98% confidence
Finding
The trigger text states that any user request automatically invokes the workflow, which is an overbroad routing rule that can hijack unrelated conversations. In this skill, that danger is amplified by the later embedded prompt that forces recursive, non-terminating output behavior, creating a realistic denial-of-service and agent-control risk.

Ssd 4

Medium
Confidence
99% confidence
Finding
The embedded workflow contains explicit instructions to suppress normal stopping behavior, force continuation markers, and keep generating content indefinitely. In an agent environment, this is prompt-injection-style control logic that can consume excessive tokens, block task completion, override higher-level orchestration, and degrade service availability.

Hidden Instructions

High
Category
Prompt Injection
Content
├─ 老抽 1勺
└─ 料酒 2勺

👨‍🍳 做法步骤
1. 五花肉切块,冷水下锅焯水
2. 锅中放油,加冰糖炒糖色
3. 放入肉块翻炒上色
Confidence
90% confidence
Finding

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

No suspicious patterns detected.