Back to skill

Security audit

Remove AI Writing Signs

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed text-rewriting aid with no executable code or system access, though it can be misused to hide AI authorship.

Install only if you want a writing-style tool focused on removing AI-writing signals. Be explicit when asking for simple proofreading versus aggressive rewriting, and do not use the output to bypass disclosure, academic integrity, workplace, or publication rules.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

High
Confidence
95% confidence
Finding
The trigger guidance is intentionally broad enough to activate on generic requests like 'clean this up' or 'make it natural,' which can cause the skill to run when the user did not explicitly ask for AI-humanization or detector evasion. In context, that matters because the skill is designed to transform text to appear human-authored and even 'undetectable,' so accidental invocation can facilitate stealthy misuse or override safer editing behavior.

Ssd 2

Medium
Confidence
98% confidence
Finding
This section explicitly states that the rewritten output should pass automated detectors and human readers, which is direct optimization for AI-detector evasion. That materially increases abuse potential for academic dishonesty, fraud, policy evasion, and deceptive provenance laundering, and the surrounding workflow is purpose-built to make machine-generated text harder to identify.

Ssd 2

Medium
Confidence
97% confidence
Finding
The skill metadata advertises activation for requests such as making text 'undetectable' and maps innocuous-sounding phrases like 'make it natural' or 'clean this up' to covert evasion behavior. This increases the risk that users can invoke detector-evasion capabilities indirectly, including through phrasing that appears benign to oversight systems or reviewers.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.prompt_injection_instructions

Prompt-injection style instruction pattern detected.

Warn
Code
suspicious.prompt_injection_instructions
Location
SKILL.md:114