Blog Polish Zhcn Images

Security checks across malware telemetry and agentic risk

Overview

This skill locally polishes a blog draft and saves the resulting Markdown and image prompts, with no evidence of hidden sharing or destructive behavior.

Install this if you want a local workflow that reads a blog draft and writes polished output files. Before running it, confirm the draft path is not sensitive and choose an output directory where generated Markdown and image files can be safely created.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Missing User Warnings

Medium

Confidence: 87% confidence
Finding: The skill persistently writes files to the user's home-directory workspace without a clear user-facing warning or confirmation boundary. In agent environments, implicit filesystem modification can surprise users, overwrite prior work, or create unintended durable artifacts, especially when activation criteria are broad.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal