Academic Writing Assistant

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward academic writing helper with broad activation keywords but no hidden code, credential access, persistence, or destructive behavior.

Reasonable to install as a prompt-based academic writing aid. Be aware it may activate on generic writing requests, verify any generated citations or DOI claims before relying on them, and do not run any separate academic_writing.py script unless you separately review and trust that code.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The trigger list contains generic terms such as "write", "polish", and their Chinese equivalents, which are common in normal conversation and can cause the skill to activate unintentionally. Unintended activation can route unrelated user content into the skill, leading to confusing behavior, prompt-scope expansion, or accidental processing of sensitive text in contexts where the user did not intend to invoke academic-writing functionality.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal