Writers Room Story Engine

Security checks across malware telemetry and agentic risk

Overview

This is a creative-writing workflow skill that organizes story planning, drafting, and revision without requesting sensitive access or running code.

Safe to install for creative writing assistance. Expect it to prefer a structured story-development process before drafting prose; users who want a quick standalone rewrite or scene should say so explicitly.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The skill description is very broad and overlaps with common creative-writing requests such as drafting, revising, outlining, and story development. In agent-routing systems, ambiguous activation criteria can cause this skill to be invoked in situations beyond its intended scope, increasing the chance of misrouting, prompt shadowing, or unintended workflow takeover.

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The opening guidance says to use the skill for creating stories from nothing or repairing weak stories, which is broad enough to match a large share of normal writing-assistance prompts. That makes the skill more dangerous in context because it is a 'mega-skill' intended to orchestrate many stages, so over-activation could displace more constrained skills and broaden the model's behavior unexpectedly.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal