Em Dash

Security checks across malware telemetry and agentic risk

Overview

This is an opinionated punctuation-style skill with no executable code or privileged behavior, though it may cause agents to replace em or en dashes in comments and prose.

Install this only if you want an agent to strongly prefer plain hyphens over em or en dashes, especially in code comments and technical text. Review generated edits where punctuation meaning matters, such as prose, quoted text, ranges, or user-authored documentation.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The skill description is broad enough to trigger during many generic writing, review, or code-related tasks, allowing it to steer agent behavior well outside a narrow punctuation-checking role. Over-broad activation increases the chance that the skill will silently rewrite user content or comments according to its own preferences, creating unauthorized modifications and policy drift in unrelated workflows.

Natural-Language Policy Violations

Medium

Confidence: 86% confidence
Finding: The skill imposes a mandatory style rule based on its own convention rather than user intent, instructing agents to never use certain punctuation in code comments and related text without opt-in. In agent settings, this can lead to silent alteration of user-authored content, corruption of prose or documentation meaning, and unnecessary changes to source-controlled files.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal