
Security audit

jl-content-rewriter

Security checks across malware telemetry and agentic risk

Overview

This skill is transparent about rewriting text, but it is explicitly designed to reduce plagiarism and AI-detection signals for publishing platforms.

Install only if you will use it on content you own or are authorized to adapt, with attribution where required. Review the output path before running it on local files, and avoid using it to disguise copied or AI-generated material for platform publication or originality checks.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Missing User Warnings

Medium
Confidence: 96%
Finding:
The skill directs the agent to write output files to disk, including in the same directory as user-supplied source files, without any explicit consent, confirmation, or safety constraints. This can cause unauthorized filesystem modification, accidental overwrites, or writes into sensitive paths if the provided file path is untrusted or attacker-controlled.

Missing User Warnings

Medium
Confidence: 95%
Finding:
The article normalizes granting a WeChat-connected AI permission to read and reply to messages and explicitly reassures the reader that it 'won't touch anything else' without discussing privacy, consent, data retention, or risks to other participants in chats. In a guide that encourages real-world setup, this can mislead users into enabling access to sensitive communications without understanding the security and compliance implications.

Vague Triggers

Medium
Confidence: 95%
Finding:
The rule treats an unspecified user command as equivalent to an explicit save request, which can trigger file generation and saving without clear user consent. In an agent workflow, this increases the chance of unintended state-changing actions, surprising behavior, or writing sensitive/transformed content to disk when the user only meant to ask a question or continue editing.

Ssd 4

High
Confidence: 99%
Finding:
The workflow explicitly instructs preserving the original meaning while aggressively changing wording, structure, and sequence to reduce similarity and platform plagiarism risk. That is a substantive evasion pattern designed to help users launder copied content and defeat originality checks, which facilitates academic, platform, or copyright abuse.

Ssd 4

High
Confidence: 99%
Finding:
The interactive template encourages iterative optimization until rewritten content passes platform-specific risk thresholds, effectively operationalizing plagiarism-evasion as a guided loop. This makes the skill more dangerous because it helps users refine infringing or deceptive content until automated detection is less likely to flag it.

VirusTotal

64/64 vendors flagged this skill as clean.
