Security audit

X Reply Unreplied

Security checks across malware telemetry and agentic risk

Overview

This skill is coherent for helping with X replies, but it can like and post publicly from the user's account while using style guidance that may invent first-person feelings or experiences.

Install only if you are comfortable letting an agent use your logged-in X session to like and post replies. Review or require approval for each proposed reply, especially any text that says "I," claims prior experience, or expresses feelings, because the skill does not clearly require those claims to be grounded in facts you supplied.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium, 82% confidence
Finding
The instruction to use this file whenever drafting a comment, reply, or post is overly broad and can cause the behavior-shaping guidance to be applied in contexts beyond the intended X-reply workflow. Because the file contains strong persona and style constraints, broad invocation increases the chance of unintended impersonation-like output across unrelated tasks.

Natural-Language Policy Violations

High, 97% confidence
Finding
The file explicitly aims to make writing feel like a real person, not a machine, which pushes the model to conceal its artificial nature and present generated text as human-authored. In a social reply skill, this materially increases deception risk because recipients may believe they are interacting directly with the user rather than an assistant-generated message.

Natural-Language Policy Violations

High, 96% confidence
Finding
The guidance encourages the model to express emotion as if it had genuinely been affected and to adopt subjective reactions that may not reflect the user's actual feelings. This creates a risk of fabricated emotional states and misleading first-person speech, especially when auto-drafting public replies on the user's behalf.

Natural-Language Policy Violations

High, 99% confidence
Finding
The examples explicitly instruct the model to reference personal experience such as having run into a problem or used a tool before, even when the model may have no such experience and the user may not have said it. This is classic fabrication of first-person experience and can misrepresent the user's history or expertise in a public interaction.

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.