Writing Polish

Security checks across malware telemetry and agentic risk

Overview

This is a text-only Chinese writing polish skill, with no code execution or credential access, though its trigger wording is broad.

Install this if you want an agent to actively polish and reshape Chinese writing. Be aware it may activate when you imply that Chinese text should be improved, and avoid submitting confidential drafts unless you are comfortable having the agent process them.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The trigger description is intentionally broad enough to fire on many generic writing-help requests, including cases where the user may want drafting, editing, rewriting, or general assistance rather than polishing. This can cause incorrect skill selection, override a more appropriate tool or policy path, and lead to responses that do not match user intent, which is a security and reliability concern in agent routing.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal