Back to skill

Security audit

Content Creator Pro

Security checks across malware telemetry and agentic risk

Overview

This appears to be a content-writing skill with broad activation phrases, which may cause accidental use but does not show harmful or high-impact behavior.

Install if you want a dedicated content-creation workflow. Be aware that broad phrases like requests for scripts, titles, hooks, thumbnails, or captions may invoke this skill unexpectedly; prefer explicit slash commands or clarify when you want the base assistant instead.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

Medium
Confidence
86% confidence
Finding
The trigger phrases for `/script` are broad enough that ordinary user requests like 'Write a script about X' could unintentionally activate the skill outside an explicit command context. This can cause unintended prompt routing or override another agent's normal behavior, especially in systems that dispatch skills based on natural-language matching.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The title-generation triggers are generic content requests that are likely to overlap with normal conversation, making accidental invocation plausible. In a multi-skill environment, this can hijack unrelated requests and lead to incorrect tool selection or unexpected structured output.

Vague Triggers

Medium
Confidence
87% confidence
Finding
Phrases like 'Write hooks for [topic]' and 'Hook ideas for [topic]' are common user requests and may trigger this skill unintentionally. That ambiguity increases the risk of prompt-routing collisions and makes the system behave unpredictably when multiple skills or default assistant behavior could satisfy the same request.

Vague Triggers

Low
Confidence
75% confidence
Finding
The thumbnail trigger phrases are somewhat nonspecific and can match ordinary creative-assistance requests, though the narrower domain makes accidental activation less likely than for script or title generation. The main risk is unintended routing rather than direct security compromise.

Vague Triggers

Medium
Confidence
90% confidence
Finding
Caption-related trigger phrases are broad and resemble ordinary social-media writing requests, so they may capture user intents not meant for this specific skill. In orchestrated agent systems, that can result in unintended invocation, context leakage across workflows, or incorrect formatting constraints being applied unexpectedly.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.