Back to skill

Security audit

Humanizer Text Revision Helper

Security checks across malware telemetry and agentic risk

Overview

This is a non-executable text-revision skill with some overbroad routing language, but no hidden install behavior, credential access, persistence, or destructive capability was found.

Install this if you want help making drafts sound more natural while preserving meaning. Be aware that some supporting files and triggers are broader than a strict text-humanizer scope, so avoid relying on it for software debugging, security hardening, legal/compliance-sensitive exact wording, or tasks where unintended rewriting could change obligations or meaning.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (11)

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
The requirement plan materially broadens the skill from text humanization/editing into bug fixing, hardening, reliability work, and adjacent skill creation. That scope drift can cause the agent to activate or be trusted for tasks outside its declared purpose, increasing the chance of unsafe delegation and policy bypass through misleading capability framing.

Description-Behavior Mismatch

Medium
Confidence
90% confidence
Finding
The audience and implementation language expands the skill into general workflow, code, analysis, and decision-support tasks beyond humanizing text. In practice, this can misroute unrelated requests into the skill and encourage operators or orchestration layers to grant it broader authority than users would reasonably expect.

Description-Behavior Mismatch

Medium
Confidence
89% confidence
Finding
Promising code changes and broad artifact production is inconsistent with the stated humanizer/editing purpose and creates capability ambiguity. That ambiguity is dangerous because downstream systems or users may rely on the skill for implementation tasks it was not scoped, reviewed, or permissioned to perform.

Description-Behavior Mismatch

Low
Confidence
84% confidence
Finding
The usage signals market bug-fix behavior instead of text-humanization behavior, which can lead to accidental invocation on technical remediation requests. While less severe than direct code execution issues, this misclassification undermines safe routing and increases the chance that users receive out-of-scope assistance under a misleading skill label.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The skill description uses broad activation terms such as 'editing,' 'rewrite,' 'voice,' and general workflow support, which can cause the skill to auto-trigger for a wide range of ordinary writing tasks beyond its intended niche. Overbroad routing is dangerous because it can override more appropriate specialized skills or apply text-transformation behavior in contexts where preserving exact wording, policy constraints, or task boundaries is important.

Vague Triggers

Medium
Confidence
95% confidence
Finding
The keyword trigger list contains vague phrases like 'editing,' 'rewrite,' 'voice,' 'clarity,' and 'tone' without scope limits, making accidental invocation likely. This broad matching increases the chance that the skill is selected in unrelated or sensitive contexts, where automated rewriting could introduce factual drift, alter commitments, or interfere with more suitable task-specific controls.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The manifest description is broad enough to trigger on routine editing and rewriting requests without clearly limiting when this skill should be used. Overly general routing can cause the agent to invoke this skill outside its intended scope, increasing the chance of inappropriate text transformation, policy bypass around sensitive writing tasks, or interference with safer domain-specific skills.

Vague Triggers

Medium
Confidence
94% confidence
Finding
The trigger keywords are very generic terms such as editing, rewrite, voice, and clarity, with no scope constraints or negative examples. This can cause accidental over-invocation on common writing requests, making agent behavior less predictable and enabling misuse of the skill for tasks beyond safe humanization or revision support.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The skill enables allow_implicit_invocation without any activation constraints, so the agent may invoke this helper based only on loose semantic matching. Because this skill rewrites user text, unintended invocation could silently alter meaning, tone, compliance wording, or cited content in contexts where exact wording matters, creating integrity and policy risks.

Vague Triggers

High
Confidence
95% confidence
Finding
The trigger examples are so broad and generic that they are likely to match ordinary user phrasing unrelated to this skill's intended function. Overbroad triggers are dangerous in agent systems because they can cause inappropriate auto-selection, prompt hijacking of benign requests, and unreviewed expansion of the skill's operational footprint.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The usage signals do not define clear trigger boundaries or exclusions, making the skill eligible for ambiguous or unrelated requests. In the context of agent orchestration, unclear trigger scope can result in systematic misfires, unsafe handoffs, and hidden privilege expansion through imprecise routing logic.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.