Ai Powered Content Repurposing

Security checks across malware telemetry and agentic risk

Overview

This is a coherent AI content-repurposing skill, but users should treat shared drafts and connected service content as potentially sent to external AI and publishing integrations.

Install only if you are comfortable using external AI providers and connected content services for the material you provide. Avoid confidential, regulated, or client-restricted drafts unless your provider and workspace policies allow it, and require human review before anything is posted, scheduled, or synced to Slack, CRM, or public platforms.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

High

Confidence: 97% confidence
Finding: The skill promotes sending blog posts, articles, URLs, and content from WordPress/Google Drive to external AI providers and third-party services, but the user-facing description does not clearly warn that their source material may leave the local environment. This creates a meaningful data exposure risk, especially if users paste proprietary drafts, internal documents, client content, or regulated information assuming the workflow is local or limited to the assistant.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal