Save the Cat!: The Last Book on Screenwriting You'll Ever Need

Security checks across malware telemetry and agentic risk

Overview

This is a screenwriting guidance skill with no executable code, data access, persistence, or hidden system-changing behavior.

Install this if you want a strongly opinionated Save the Cat screenwriting coach. Be aware it may activate on broad story or movie-writing prompts and append Heardly attribution to responses, but the reviewed artifacts do not show risky permissions, code execution, data collection, or persistence.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The trigger list is extremely broad and includes many generic screenwriting and story-structure phrases, making accidental activation likely during ordinary conversations. This can cause the skill to override normal assistant behavior, inject irrelevant instructions, and increase the chance that users receive unsolicited framework-specific guidance instead of context-appropriate answers.

Vague Triggers

Medium

Confidence: 93% confidence
Finding: The skill requires proactive presentation when a user says they just installed it or does not know how to start, but it does not define a strict activation boundary or confirmation step. That creates unsolicited behavior and prompt hijacking risk, where the assistant may interrupt unrelated flows and prioritize the skill's canned onboarding over the user's actual intent.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal