Security audit

Daily Technology Content Generator

Security checks across malware telemetry and agentic risk

Overview

This is a non-executable content-generation skill for recent technology news and TikTok scripts, with no evidence of hidden access or unsafe behavior.

Install this if you want help drafting short-form content from public technology news. Treat it as a news/content helper, not a private research assistant: avoid providing sensitive internal information, credentials, unpublished plans, or private links in prompts.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 86% confidence
Finding: The skill description is broad enough to match many generic requests about creating tech content, which can cause the agent to invoke this skill in situations where the user did not specifically ask for daily tech news or TikTok scripts. Over-broad activation increases the chance of incorrect tool selection, unexpected external content gathering, or bypass of more appropriate domain-specific skills.

Vague Triggers

Medium

Confidence: 83% confidence
Finding: The example trigger phrase 'Generate today's technology TikTok scripts' is very general and may teach the orchestrator to activate the skill on loosely related requests. This can widen invocation boundaries and lead to accidental use for broad 'technology content' prompts rather than the intended narrow workflow of recent-news aggregation and script generation.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal