Back to skill

Security audit

Copywriter Litiao

Security checks across malware telemetry and agentic risk

Overview

This is a copywriting guidance skill made only of markdown and JSON, with no code, credential use, persistence, or hidden actions.

Safe to install as a writing aid. Review generated marketing or UX copy for truthful claims, accurate numbers, real testimonials, and appropriate urgency, since the skill gives persuasive copy patterns rather than fact-checking guarantees.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
95% confidence
Finding
The manifest description says to use the skill for writing "any user-facing text," alongside many common content types like emails and landing pages. This scope is broad enough that ordinary requests for general writing help could unintentionally trigger the skill, and it does not provide clear exclusion conditions or negative examples.

VirusTotal

57/57 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.