Copywriting

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only copywriting guide with no code or system access, though users should review generated marketing claims before publishing.

Safe to install as a marketing-writing assistant. Review generated scarcity, urgency, statistics, testimonials, ROI, and credential claims for accuracy and fairness before publishing, and be aware it may activate on broad headline-writing prompts.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 95% confidence
Finding: The trigger list is excessively broad and includes generic phrases such as "headline" and "how to write [marketing text]," which can cause the skill to activate for ordinary writing requests outside clear copywriting intent. Overbroad activation is dangerous in agent systems because it can route unrelated user tasks into persuasive-marketing behavior, increasing the chance of inappropriate autonomy, misleading outputs, or workflow hijacking.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal