social-media-caption-generator

Security checks across malware telemetry and agentic risk

Overview

This is a simple caption-writing skill with no code, credentials, network access, or persistence, though its trigger wording is broad.

Install if you want help drafting social media captions. Treat outputs as public-facing marketing copy: review captions, hashtags, claims, and platform fit before posting.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 94% confidence
Finding: The skill description is broad and phrased in natural everyday language, which increases the chance of accidental or overly eager invocation during normal user conversation about social media posts. In agent ecosystems that auto-route by semantic matching, this can cause the skill to activate outside narrowly intended contexts, creating prompt-scope confusion or unintended data exposure to the skill.

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The closing call-to-action ('Tell me your content and I'll do the writing') is highly generic and likely to match many ordinary user requests about posts, writing, or content help. In a tool-selection or skill-routing system, this broad invocation surface can cause unintended selection of this skill when the user did not explicitly ask for social media caption generation.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal