Content Product Analyzer

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only analysis skill for commercial teardowns of content and product pages, with no executable code or hidden access found.

Reasonable to install for product, landing page, creator profile, and competitor analysis. Use mixed-mode only for public URLs or current public facts, and avoid pasting secrets, private customer data, cookies, tokens, or confidential screenshots unless you are comfortable having that content processed in the chat context.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Low

Confidence: 92% confidence
Finding: The description uses broad 'use to' phrasing without a clear invocation boundary, which can cause the platform to over-select this skill for loosely related requests. That increases the chance of unintended activation, context hijacking, or response-shaping in situations where a more appropriate skill should have handled the task, though the skill itself does not appear overtly malicious.

Natural-Language Policy Violations

Medium

Confidence: 82% confidence
Finding: The skill hard-requires Chinese headings and labels regardless of user language, which can override user intent and create instruction conflict with the surrounding system or task context. This is risky because forced locale/output constraints can be used to degrade reliability, bypass expected formatting, or make security-relevant output less understandable to the user or downstream reviewers.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal