Back to skill

Security audit

Linkedin Ghostwriting

Security checks across malware telemetry and agentic risk

Overview

This is a LinkedIn ghostwriting prompt skill with visible writing workflows and no executable code or hidden data handling.

Installers should share only business details and metrics they are comfortable using for marketing copy, verify public claims before posting, and be aware that the skill may ask many interview questions and may route a completed draft through a separate humanizer-style polishing skill.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
92% confidence
Finding
The skill description contains broad trigger phrases like general writing help, social strategy, hooks, and copywriting frameworks, which can cause the agent to invoke this skill for loosely related requests outside narrow LinkedIn ghostwriting use. Over-broad auto-selection increases the chance that unrelated user content is routed into a workflow that asks many probing questions and may later chain into other skills, creating unnecessary data exposure and unintended behavior.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill explicitly instructs the agent to invoke a separate humanizer/de-slop/AI-detection-cleanup skill after drafting, but does not require user consent or disclose that the draft may be sent to another skill or processing path. This creates a cross-skill data flow risk: potentially sensitive business claims, internal metrics, or ghostwritten client material could be transferred to another component unexpectedly.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

No suspicious patterns detected.