Insta Cog

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only CellCog skill for creating social media videos and posts, with disclosed API-key and external-service use and no hidden or destructive behavior found.

Install this only if you trust CellCog and are comfortable sending prompts, brand details, and any attached media to its service. Use a scoped or dedicated API key if available, monitor credit usage, and avoid confidential or regulated data unless CellCog's terms and handling are acceptable to you.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The skill is described very broadly as general-purpose AI social media content creation and does not define clear invocation boundaries, allowed task scope, or concrete trigger phrases. In an agent ecosystem, this can cause over-selection of the skill for loosely related requests, increasing the chance that the agent routes sensitive prompts, costly media-generation tasks, or inappropriate content requests into an external service without sufficient user intent validation.

VirusTotal

49/49 vendors flagged this skill as clean.

View on VirusTotal