Sales Content Gen Agent

Security checks across malware telemetry and agentic risk

Overview

This is a marketing content-generation prompt with broad activation wording, but it contains no executable code, hidden data access, persistence, or destructive behavior.

Install this only if you want a prompt for marketing asset creation. Treat the provider access claims as requiring your own trusted ComfyUI, Suno, or RunPod setup, and do not approve unexpected installs, paid generation, or credential prompts unless they are clearly tied to a service you chose.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 95% confidence
Finding: The trigger phrases are broad, generic verbs like "generate image," "create video," and "write content," which can match many ordinary user requests and cause the skill to activate unintentionally. In an agent environment with tool access and content-generation side effects, accidental invocation can lead to unnecessary external API usage, unwanted content creation, cost incurrence, or confusion about which skill should handle a request.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal