Ai Copywriter

Security checks across malware telemetry and agentic risk

Overview

This is a simple Chinese Xiaohongshu-style copywriting skill with no executable code, credential access, or hidden data handling.

Install this if you want Chinese Xiaohongshu-style marketing copy. Expect outputs to follow that platform tone, and review generated text before publishing, especially for health-adjacent topics such as pregnancy diet because this is a copywriting aid, not medical or compliance advice.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 86%
Finding:
The invocation phrase is generic enough to overlap with ordinary user writing requests, which can cause the platform to trigger this skill unintentionally when a user did not explicitly opt into a Xiaohongshu-focused transformation. That can lead to prompt-routing confusion, unexpected style constraints, and policy bypass of a user's preferred language or format.

Natural-Language Policy Violations

Medium
Confidence: 82%
Finding:
The skill hard-codes Chinese/Xiaohongshu output conventions and persona constraints without giving the user a language or style choice. This is less a direct security exploit than a control and integrity issue: it can override user intent, cause misrouting into a non-requested language/style, and make downstream agent behavior less predictable.

VirusTotal

65/65 vendors flagged this skill as clean.
