Social Accuracy Checker

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward social-content fact-checking workflow that uses web research and creates a local markdown report, with no hidden code or credential behavior found.

Install this if you want an agent to fact-check social posts and attribution before approval. Expect it to browse the web and save a markdown report in the workspace; review the sources yourself and avoid sending confidential unpublished content to external search unless that is acceptable.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Low

Confidence: 89% confidence
Finding: The skill explicitly instructs the agent to write a markdown report to a concrete filesystem path without any user notification or consent step. Even though the destination is templated and appears work-related, silent file creation can cause unintended workspace modification, overwrite collisions, or be abused if the slug/path components are attacker-controlled elsewhere in the pipeline.

VirusTotal

54/54 vendors flagged this skill as clean.

View on VirusTotal