Content Structure Designer

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only writing aid for creating content outlines, with no code execution, credentials, persistence, or sensitive access.

Safe to install for Chinese-language content outlining and writing-structure support. Be aware it may activate on broad writing-help prompts, and review any generated outline before publishing.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 93% confidence
Finding: The trigger phrases are broad, generic writing-help terms such as '不知道怎么写' and '如何组织内容', which are likely to match many ordinary user requests outside the intended scope. This can cause unintended skill activation, leading to inappropriate routing or response shaping, though the content of the skill itself is not directly harmful.

Natural-Language Policy Violations

Medium

Confidence: 84% confidence
Finding: The skill is written entirely in Chinese and does not indicate language negotiation, fallback behavior, or a justified locale restriction. In multilingual environments, this can cause misalignment with user expectations, accidental exclusion, or degraded usability if the skill activates for users who did not request Chinese output.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal