human-tech-blog

Security checks across malware telemetry and agentic risk

Overview

This is a writing-only skill for technical blog posts, with no code, install hooks, data access, or persistence found.

Install this if you want a strong personal technical-blog voice. Check the final draft for fabricated personal experiences, version numbers, links, error messages, and technical claims, and override the skill when you need a different publication style, language convention, or more neutral tone.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

High

Confidence: 95% confidence
Finding: The skill description mandates activation whenever users mention broad, common phrases like writing a blog, technical article, or making text sound less machine-written. This can cause the skill to override more appropriate tools or user intent, leading to prompt routing abuse, misapplication, or hidden behavioral steering across many benign requests.

Natural-Language Policy Violations

Medium

Confidence: 86% confidence
Finding: The skill imposes Chinese typography and formatting rules by default, including full-width punctuation and spacing conventions, without checking the user's locale, platform, or preferences. While not a direct security exploit, it can cause integrity and usability issues by silently altering output style in ways the user did not request, especially in multilingual or publication-specific contexts.

VirusTotal

56/56 vendors flagged this skill as clean.

View on VirusTotal