Back to skill

Security audit

Content Strategy Pro

Security checks across malware telemetry and agentic risk

Overview

This is a simple content-planning instruction skill with no executable code, credential use, persistence, or hidden authority.

Safe to install for content planning. Avoid sharing confidential business strategy, proprietary analytics, unreleased plans, or sensitive customer data unless you are comfortable using that information as context for recommendations.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
83% confidence
Finding
The trigger section uses broad natural-language phrases such as 'content ideas' and 'what should I write about', which can overlap with many ordinary requests and cause the skill to activate when the user did not specifically intend to invoke a full content-strategy workflow. Unintended activation is a real quality and security concern because it can lead to inappropriate context gathering, unnecessary external research steps, or unexpected handling of user inputs in situations outside the skill's intended scope.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.