Wechat Article Generation Expert

Security checks across malware telemetry and agentic risk

Overview

This is a writing-only WeChat article skill with disclosed promotional-copy use and no code, credential access, or persistence.

Safe to install as a writing aid. Before publishing, verify any facts, data, and case studies, replace generic examples with real sourced material where needed, and clearly label sponsored or brand-promotional content according to platform rules and applicable advertising requirements.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 93% confidence
Finding: The skill's activation cues are so broad that it may trigger on ordinary writing or marketing requests that only loosely relate to WeChat article generation. This can cause unintended routing, over-collection of user inputs, or inappropriate application of the skill's rigid output format, increasing the risk of user confusion and policy-relevant content generation such as stealth advertorials.

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The skill explicitly supports marketing advertorials and brand promotion content but does not require disclosure, labeling, or user-facing warnings about sponsored or promotional writing. In context, this increases the chance of producing native-ad style content that could mislead readers about the commercial nature of the article and create compliance or trust issues.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal