Back to skill

Security audit

loadpage

Security checks across malware telemetry and agentic risk

Overview

This is a text-editing skill that can rewrite documents, but its behavior is disclosed and aligned with that purpose.

Install only if you want an agent to help rewrite prose. Use it on specific text or files you choose, review diffs before applying edits, and avoid using it on legal, compliance, evidentiary, or policy-sensitive text unless you explicitly want that content changed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
84% confidence
Finding
The usage text tells the agent to 'humanize text' and says the skill can be invoked directly when editing documents, but it does not define clear scope limits, consent requirements, or trusted contexts. In an agentic environment, this broad activation pattern can cause the skill to rewrite arbitrary content, including sensitive, policy-relevant, or forensic text, in ways the user did not explicitly intend.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.