Copy Editing

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only marketing copy-editing skill with no code execution, network behavior, credentials, or persistence; its main caveat is that it may read narrow local brand/context files if present.

Safe for normal copy-editing use. Before installing, make sure you are comfortable with the agent using local brand or product-marketing context files if they exist, and avoid putting highly sensitive customer or business information in those files unless you want it used in copy feedback.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The skill description contains many broad, everyday trigger phrases such as 'make this better,' 'polish this,' and 'clean up this text,' which can cause the agent to invoke this skill in situations beyond narrowly scoped marketing-copy editing. Over-broad activation is dangerous because it can route unrelated user content into a persuasive editing workflow, increasing the chance of inappropriate tool use, context loading, or unintended behavioral shaping.

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The eval requires the skill to trigger on vague wording like 'casual phrasing' without defining objective boundaries. That can cause the skill router or evaluator to over-activate the copy-editing skill on unrelated requests, reducing routing reliability and making behavior easier to manipulate with loosely similar phrasing.

VirusTotal

54/54 vendors flagged this skill as clean.

View on VirusTotal