Content Writer 自媒体内容生成器

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only Chinese social media writing skill with no code, tools, credentials, persistence, or publishing authority.

Safe to install for drafting Chinese social media posts. Review generated content before publishing, especially citations, marketing claims, platform rules, and whether the skill activated for the intended language and platform.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The activation phrases are generic enough to match many normal writing requests, which can cause the skill to auto-activate outside its intended niche. That can override user intent, steer outputs toward a specific content-generation workflow, and create unsafe or irrelevant behavior in multi-skill environments.

Natural-Language Policy Violations

Medium

Confidence: 84% confidence
Finding: The skill is described as generating content for Chinese social media and implicitly constrains output language and format without stating an opt-in or fallback behavior. In shared agent environments, this can cause incorrect language selection, user confusion, or unwanted transformation of requests that were not intended for Chinese-language output.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal