Aura Content Strategist

Security checks across malware telemetry and agentic risk

Overview

This social-content planning skill is mostly instruction-only, but it includes explicit guidance for disguising AI-assisted posts as human activity and avoiding platform detection.

Review before installing. Use the content planning and platform-format help only in ways that comply with platform rules, and avoid using the anti-detection, fake typo, self-comment, or human-mimicry advice to mislead audiences. Keep EXTEND.md out of version control if it contains account handles or business strategy.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (9)

Context-Inappropriate Capability

Medium

Confidence: 95% confidence
Finding: The skill explicitly instructs the model to make output harder to identify as AI-generated by adding human-like imperfections, behavioral mimicry, and deceptive comment patterns. That goes beyond normal content optimization and crosses into evasion guidance, which can facilitate platform-policy circumvention and deceptive publishing practices.

Context-Inappropriate Capability

High

Confidence: 99% confidence
Finding: This document explicitly instructs users how to make AI-generated content appear human-authored and how to avoid AI-detection signals across copy, visuals, posting behavior, and comments. In the context of a content-strategy skill, this goes beyond legitimate style guidance and becomes an evasion playbook that can facilitate deceptive platform manipulation and policy circumvention.

Vague Triggers

Medium

Confidence: 82% confidence
Finding: The trigger list is broad enough that the skill may activate for generic terms like 'Aura,' 'content strategy,' or common social-media concepts outside the intended use case. Over-broad activation can cause the wrong skill to take control, leading to inappropriate instructions being applied and increasing exposure to the skill's evasive behaviors.

Natural-Language Policy Violations

High

Confidence: 88% confidence
Finding: The skill forces output language by platform regardless of the user's language, which can override user intent and reduce transparency about what will be produced. In a safety context, hard-coded language switching can also make outputs less reviewable by the user and increase the chance that problematic or deceptive content is generated without clear consent.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill explicitly collects identifiable account handles and writes them to persistent storage at either project or user scope, but provides no privacy notice, retention policy, access guidance, or minimization controls. While account handles are not highly sensitive secrets by themselves, persistent storage can expose profiling information and create unnecessary privacy risk, especially in shared repositories or multi-user environments.

Ssd 2

Medium

Confidence: 97% confidence
Finding: These instructions explicitly promote paraphrased evasion of AI-origin detection through colloquial imperfections, visual noise, posting-pattern mimicry, and fake-authentic comment behavior. This is deceptive by design and can be used to evade moderation, authenticity checks, or platform rules around synthetic content.

Ssd 2

Medium

Confidence: 96% confidence
Finding: Referencing an 'anti-ai-playbook' as a reusable framework operationalizes evasion and makes the deceptive behavior systematic rather than incidental. The explicit framing indicates the skill is designed to incorporate concealment techniques into normal output generation, increasing misuse potential.

Ssd 4

Medium

Confidence: 97% confidence
Finding: The file provides a step-by-step operational playbook for disguising AI-generated content as human behavior, including randomized timing, intentional edits, deliberate imperfections, and comment tactics. This materially enables deceptive automation and can be used to scale inauthentic engagement while reducing detection by platform trust and safety systems.

Ssd 2

Medium

Confidence: 98% confidence
Finding: Even without explicit jailbreak wording, the text clearly teaches evasion by describing how to avoid AI-detection cues and introduce markers associated with human authorship. This is dangerous because paraphrased evasion guidance still helps users bypass platform enforcement mechanisms and obscures the true origin of content.

VirusTotal

61/61 vendors flagged this skill as clean.

View on VirusTotal