Content Idea Generator

Security checks across malware telemetry and agentic risk

Overview

This appears to be a low-impact content-ideation skill, with the main issue being overly broad activation phrases that could trigger it unintentionally.

Installers should understand that this skill may activate when a user says they have no ideas or do not know what to write. That is not high-risk by itself, but clearer trigger wording would improve user control in multi-skill environments.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 93% confidence
Finding: The trigger phrases include very broad everyday expressions such as '不知道写什么' and '没有想法', which can match many ordinary conversations and cause the skill to activate when the user did not explicitly request content ideation. This creates unintended invocation risk, reducing user control and potentially steering conversations away from the intended task, especially in multi-skill environments where routing precision matters.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal