LinkedIn Post Generator

Security checks across malware telemetry and agentic risk

Overview

This is a local writing helper for LinkedIn posts and does not request account access, credentials, network posting, persistence, or broad file permissions.

Safe to install as a LinkedIn writing assistant. Review generated posts before publishing, avoid giving it private company data unless you want that text included in a draft, and be aware it may activate for some broad social-writing requests unless the platform is made explicit.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The skill description and activation guidance are broad enough to match many generic writing requests, which can cause the agent to invoke this skill outside its intended LinkedIn-specific scope. Over-broad triggering is dangerous because it can misroute user requests, override a more appropriate skill, and expand the skill's effective authority beyond what the user intended.

VirusTotal

60/60 vendors flagged this skill as clean.

View on VirusTotal