youmind-article-dispatch

Security checks across malware telemetry and agentic risk

Overview

This skill is not clearly malicious, but it can publish content across multiple external accounts and build persistent writing profiles with insufficient consent boundaries.

Install only if you are comfortable giving this skill access to your YouMind account and connected publishing platforms. Before using it, verify that it defaults to draft mode, confirm the exact destination platforms before every dispatch, avoid using broad trigger phrases casually, and review or disable profile bootstrapping from prior articles unless you explicitly want that profiling stored under ~/.youmind.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (16)

Description-Behavior Mismatch

Severity: Medium
Confidence: 88%
Finding:
The documentation materially understates what the skill does. Calling it 'pure orchestration, no publishing logic' conflicts with claims that it can research, write, adapt, publish drafts, and archive content, which can mislead users and reviewers about the skill's actual authority and side effects. In a skill that can act on multiple external platforms, this ambiguity increases the chance of unintended publishing or over-broad trust.

Description-Behavior Mismatch

Severity: Medium
Confidence: 90%
Finding:
The protocol explicitly supports single-platform routing even though the skill metadata says it should not trigger for single-platform requests. This creates a scope/trigger mismatch that can cause the dispatcher to activate unexpectedly, route requests incorrectly, or bypass the intended platform-specific entry points.

Context-Inappropriate Capability

Severity: Low
Confidence: 76%
Finding:
The protocol instructs the skill to inspect local paths such as ~/.youmind/author-profile.yaml and the skills/ directory to determine installed capabilities and load user profile data. While this does not in itself involve exploit code execution, it expands the skill's data access beyond what the manifest's 'pure orchestration' description suggests and increases privacy and overreach risk if the skill reads local files without clear user consent.

Vague Triggers

Severity: Medium
Confidence: 92%
Finding:
The trigger phrase "Publish everywhere" is overly broad for a skill that performs live multi-platform posting. A short, natural-language phrase like this can be matched unintentionally in conversational contexts, causing the orchestration skill to activate when the user may only be discussing options rather than explicitly consenting to distribution.

Vague Triggers

Severity: Medium
Confidence: 93%
Finding:
The usage guidance normalizes "Publish everywhere" as sufficient to trigger cross-platform distribution, which increases the likelihood of accidental invocation. Because this skill can send content to multiple external services, ambiguous activation text materially raises the risk of unintended publishing and data transmission.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding:
The README markets the skill as a distribution hub but does not prominently warn that using it can transmit article content to YouMind and onward to third-party platforms for live publication. In a skill that orchestrates posting across many services, missing disclosure undermines informed consent and increases the chance users expose sensitive or unfinished content.

Vague Triggers

Severity: Medium
Confidence: 84%
Finding:
The trigger phrases are broad and action-oriented without a clear confirmation boundary. In an orchestration skill that can post to multiple third-party accounts, ambiguous matching such as '发到所有平台' can cause the agent to interpret discussion or planning as authorization to execute publishing actions.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding:
The README describes automatic web search, knowledge-base retrieval, and post-publication archival without prominent disclosure of data movement or write-back behavior. That creates a real privacy and integrity risk because user content and connected knowledge-base data may be transmitted, transformed, and stored externally without informed consent at the time of use.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding:
Promoting 'one sentence to all platforms' and automatic identification of configured platforms normalizes high-impact external actions without emphasizing the risk of publishing to public accounts. In this context, a mistaken invocation can rapidly propagate unwanted or sensitive content across multiple services, amplifying reputational and operational damage.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding:
The skill instructs storing platform roster and author-profile data under the user's home directory without clearly notifying the user that persistent local files will be created. This creates a privacy and consent risk because writing preferences, target platforms, and behavioral profile data may be retained across sessions and potentially accessed by other local processes, users, or skills.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding:
The skill directs the agent to fetch and analyze 10-15 prior user articles from YouMind to infer writing style and profile attributes, but it does not clearly obtain informed consent for that profiling. This is dangerous because it expands access from the current request to historical content and derives persistent behavioral metadata, increasing privacy exposure beyond what a user may reasonably expect from a dispatch tool.

Vague Triggers

Severity: Medium
Confidence: 90%
Finding:
The trigger set includes broad, natural-language phrases such as "publish everywhere," "distribute content," and common Chinese equivalents that can plausibly appear in ordinary conversation. Because this skill orchestrates multi-platform dispatch, accidental activation could cause unintended cross-posting workflows, platform validation calls, or draft creation across several connected services, making the overlap materially risky in context.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding:
The spec explicitly says the skill reads and writes a persistent profile in a shared home-directory location that other YouMind skills can access, but it does not require clear user notice or consent before that write occurs. This creates a privacy and integrity risk because a user may not realize preferences are being stored durably and made available across skills, which can expose sensitive writing/language traits or cause unintended cross-skill data sharing.

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding:
The spec encourages automatic retrieval and analysis of 10–15 existing knowledge-base articles to infer user traits, but does not require a clear privacy warning or opt-in before reading historical content for profiling. Even if intended to improve personalization, analyzing prior articles can reveal sensitive topics, languages, and behavioral patterns beyond what the user expected for a dispatch action.

Natural-Language Policy Violations

Severity: Medium
Confidence: 80%
Finding:
The language section defines primary/secondary language and a bilingual strategy, but the spec does not clearly require explicit user selection before those settings affect generated content. In a cross-platform publishing context, inferred or default language choices can cause unwanted publication in the wrong language or create misrepresentation of the author's intent.

Vague Triggers

Severity: Medium
Confidence: 84%
Finding:
Broad trigger terms like 'all', 'everywhere', and '全部' are ambiguous and can match ordinary user phrasing, causing accidental activation of all-platform behavior. In a publishing/orchestration context, mistaken dispatch can have real operational impact by posting content more widely than intended.

VirusTotal

64/64 vendors flagged this skill as clean.