Content Agency — AI 内容创作专家团

Security checks across malware telemetry and agentic risk

Overview

This is a prompt-only Chinese content-writing skill with no code execution or account access; the main caution is that it may activate broadly for content requests.

Install if you want a Chinese-language assistant for copywriting, social posts, brand strategy, and content planning. Invoke it explicitly when you want these outputs, and review generated marketing copy for factual accuracy, platform rules, brand fit, and compliance before publishing.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The trigger phrases are very broad and map to common user intents such as writing copy, strategy, or social posts, so the skill may activate in many normal conversations where the user did not explicitly request this specialized workflow. Over-broad activation can cause unintended role switching, prompt-context hijacking of unrelated tasks, and inconsistent behavior across sessions.

Vague Triggers

Medium

Confidence: 94% confidence
Finding: The instruction to activate on any 'content creation request' is underspecified and effectively grants the skill a very wide activation surface. In an agent ecosystem, vague auto-activation rules can let this skill preempt other more appropriate skills, alter outputs unexpectedly, or be abused through crafted prompts that resemble content requests.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal