Writing

Security checks across malware telemetry and agentic risk

Overview

This is a text-only writing guidance skill that helps edit prose and does not add executable code, credentials, persistence, or hidden data movement.

Safe to install for ordinary writing and editing help. For confidential drafts, remember that the skill permits subagent-based copyediting when context is tight, so tell your agent not to delegate sensitive text if that matters.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 94% confidence
Finding: The manifest says to use the skill when 'writing or editing prose humans will read' and on broad conditions like 'clarity concerns' or 'vague language.' Those conditions are common across many ordinary interactions and the file does not provide bounded trigger phrases, exclusions, or negative examples, which could cause unintended invocation.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal