Book Launch Coach

Security checks across malware telemetry and agentic risk

Overview

This is a plain markdown coaching skill for book writing and publishing, with broad routing language but no code, credential use, hidden execution, or persistence.

Safe to install as an advisory book launch coach. Users should treat cost, ad spend, editor, cover designer, KDP, audiobook, and publishing-platform recommendations as planning advice and approve any real purchases or account changes themselves.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The skill metadata includes very broad trigger phrases such as "writing a book," "book blurb," and "book cover," which overlap with many ordinary authoring requests. This can cause the skill to activate outside its intended context, increasing the chance of prompt-routing mistakes, irrelevant guidance, or untrusted skill content influencing unrelated user tasks.

Vague Triggers

Medium

Confidence: 84% confidence
Finding: The usage examples are broad and underspecified, with no clear conditions for when the skill should defer to a general writing assistant versus handling the request itself. That ambiguity can lead to unintended invocation on generic drafting or advice tasks, expanding the skill's effective scope and increasing the risk of misrouting and inappropriate responses.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal