Social Post Generator

Security checks across malware telemetry and agentic risk

Overview

This skill appears to generate social media drafts and hashtags without posting, persistence, credential use, or data exfiltration behavior.

Before installing, be aware that generic requests about posts, hashtags, or viral content may route to this skill. Use it for drafting social content and review generated copy before publishing elsewhere.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The documented trigger phrases are very generic social-media writing requests, which are likely to overlap with ordinary user prompts and cause the skill to activate unintentionally. In an agent ecosystem, overly broad activation can route unrelated content through this skill, creating prompt-scope confusion, unexpected behavior, or misuse of skill-specific instructions in contexts where the user did not explicitly request it.

Vague Triggers

Medium

Confidence: 78% confidence
Finding: The trigger phrases are generic enough to match many ordinary user requests about writing posts, hashtags, or making content viral, which can cause the skill to activate when the user did not explicitly intend to invoke it. Over-broad activation increases the chance of incorrect tool selection, unwanted prompt injection surface, or accidental processing of sensitive drafting content in contexts where this skill is not necessary.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal