Ebook Template Factory

Security checks across malware telemetry and agentic risk

Overview

This appears to be a disclosed Chinese-marketplace content skill with a localization caveat, not a security threat.

Install this if you want Chinese-marketplace content generation. For best results, explicitly tell the agent the target country or region, language, platform, and any compliance constraints before asking it to create listings or marketing copy.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Natural-Language Policy Violations

Medium

Confidence: 89% confidence
Finding: The skill is explicitly framed as generating content optimized for Chinese marketplaces and presents that locale as the default behavior, without asking the user to choose language, region, platform, or compliance constraints. This can cause an agent to make unrequested localization and market-targeting decisions, leading to user-intent drift, inappropriate language output, or platform-specific content generation that may not match the user's needs.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal