Journal to Post

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward writing helper, but users should review any journal-derived post carefully before sharing it publicly.

Install only if you are comfortable using it as a writing aid for intentionally selected journal content. Do not give it secrets, confidential work material, health or financial details, or files you have not reviewed, and manually remove identifying or sensitive details before posting anything it generates.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill explicitly converts personal journal entries into shareable social media posts but does not clearly warn users that private reflections may be turned into public-facing content. In this context, users are likely to submit sensitive emotional, health, relationship, work, or identifying details, creating a real privacy and oversharing risk if the output is posted without adequate review.

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The skill invites users to provide a file path without warning that local files may contain highly sensitive content unrelated to social posting, such as raw journals, notes, or confidential documents. That increases the chance of accidental ingestion of private local data and subsequent transformation into output intended for sharing, which is especially risky given the skill’s public-posting purpose.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal