Content Engine

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed content-writing workflow with optional publishing and memory use, but no evidence of hidden or malicious behavior.

Install only if you want an end-to-end content workflow that can search the web, save drafts, remember brand preferences, and offer to publish or schedule through connected services. Review drafts, metadata, target CMS, and social posts before approving any live publication or scheduling, and avoid storing sensitive business information in memory unless needed.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 94% confidence
Finding: The skill advertises extremely broad triggers such as general writing, research, strategy, and content tasks, making it likely to activate for many ordinary user requests outside a narrow intended scope. Over-broad activation can cause incorrect tool/skill selection, unnecessary web research or memory use, and unexpected autonomous actions in contexts where the user did not explicitly ask for this end-to-end pipeline.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal