Back to skill

Security audit

Longform Blog Writer

Security checks across malware telemetry and agentic risk

Overview

This is a Markdown-only blog-writing skill with disclosed writing templates and no hidden code, install steps, credentials, or persistence.

Safe to install for blog drafting. Review generated facts and citations before publishing, and avoid including confidential drafts or proprietary details when the skill invokes external concept-decoding or verification workflows.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Natural-Language Policy Violations

Medium
Confidence
93% confidence
Finding
The skill hard-codes a language fallback of 'mixed input defaults to Chinese' without explicit user confirmation. This can override user intent in multilingual contexts, leading to incorrect outputs, consent issues, or policy bypass where language choice affects safety, reviewability, or downstream publication workflows.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.