Content Rewriter

Security checks across malware telemetry and agentic risk

Overview

This is a simple text-rewriting skill with no code, install steps, credentials, persistence, or system access.

This skill is reasonable to install for rewriting, summarizing, translating, and adapting text. Because its trigger phrases are generic, users in auto-routing environments should make sure they intend to invoke it before sharing sensitive text, and should review generated content before publishing for accuracy, tone, copyright, and platform compliance.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The skill exposes very broad natural-language triggers such as 'summarize this' and 'translate to [language],' which are common phrases users may say in many unrelated contexts. In agent environments that auto-route or invoke skills based on loose matching, this can cause unintended activation, interception of user content, or execution in contexts where the user did not intend to use this skill.

VirusTotal

59/59 vendors flagged this skill as clean.

View on VirusTotal