Back to skill

Security audit

Grammar Checker

Security checks across malware telemetry and agentic risk

Overview

This is a simple English proofreading skill with no executable code, hidden access, persistence, or credential use in its artifacts.

Install this if you want English grammar and style feedback. Use explicit prompts for drafting, translation, or non-English editing, and avoid submitting sensitive text unless you are comfortable having the agent process it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
89% confidence
Finding
The skill advertises very broad trigger phrases such as general writing-help and proofreading requests, which can cause it to activate for ambiguous prompts that may belong to other skills or broader assistant behavior. This creates a routing and scope-control problem: users may be funneled into this skill when they did not specifically request grammar checking, leading to unintended handling of content and degraded policy/application boundaries.

Natural-Language Policy Violations

Medium
Confidence
81% confidence
Finding
The skill is explicitly limited to English without presenting this as a declared, justified restriction or offering fallback behavior for other languages. While not directly a code-execution risk, this can cause incorrect handling of multilingual input, misleading results, or exclusion of users whose text is in another language.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.