Back to skill

Security audit

LinkedIn Post Ideas Generator

Security checks across malware telemetry and agentic risk

Overview

This is a small, disclosed LinkedIn/X post-idea helper that sends user-provided text to a SocialNexis API and does not install code or use local privileges.

Install only if you are comfortable sending topics, notes, or article excerpts to SocialNexis. Do not submit confidential drafts, private personal data, client material, or proprietary internal documents without redaction and explicit intent to use the external service.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
88% confidence
Finding
The skill description includes very broad activation phrases such as 'content ideas' and 'what should I post about X?', which can overlap with many ordinary user requests that are not explicitly asking to invoke this external skill. This can cause unintended tool invocation and unnecessary transmission of user-provided text to a third-party API, especially because the skill accepts pasted article content up to 10,000 characters.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.