Back to skill

Security audit

Copywriting

Security checks across malware telemetry and agentic risk

Overview

This appears to be a communication-writing helper with broad tone guidance, not a skill that takes control of accounts, files, or credentials.

Safe to install for drafting or polishing communications. Review outputs before sending, especially for HR, legal, finance, customer-facing, or cross-cultural messages, and explicitly state the desired language and tone when the context is ambiguous.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The skill is described with very broad, everyday scenarios such as boss updates, colleague communication, customer service replies, group chat optimization, and email drafting, without clear boundaries on when it should or should not be used. This can cause over-activation or unintended application in unrelated contexts, increasing the chance that the agent rewrites sensitive communications or adopts an inappropriate role without explicit user intent.

Natural-Language Policy Violations

Medium
Confidence
88% confidence
Finding
The skill embeds Chinese-language and culture-specific wording defaults such as using particular honorific patterns, preferred phrasing, and message-style norms without requiring user opt-in. In practice, this can steer outputs toward an unintended language or tone, causing miscommunication, user surprise, or incorrect register when the user expects neutral or multilingual behavior.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.