Writing Style Iterator

Security checks across malware telemetry and agentic risk

Overview

This is a coherent writing-style memory skill, but it gives the agent broad authority to edit files and keep persistent copies of drafts without enough up-front user control.

Install only if you are comfortable with the agent saving local copies and git history of writing drafts, learning from your edits and comments, and updating files or style memory with limited prior confirmation. Avoid using it on sensitive, client, legal, medical, or workplace documents unless you require explicit approval before each file write, snapshot, and style-memory update, and periodically review or delete ~/.writing-style-iterator/.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (10)

Context-Inappropriate Capability

Medium
Confidence: 92%
Finding
The skill requires shell and git access to a persistent local repository for a feature advertised as writing-style memory. That expands capability from text assistance into filesystem mutation and persistence, increasing the blast radius if the skill is triggered unexpectedly or manipulated into operating on unintended paths.

Context-Inappropriate Capability

Medium
Confidence: 97%
Finding
The workflow copies whole user files into a drafts repository on every save, even though the stated purpose is learning writing style. This collects and persists far more content than necessary, creating confidentiality and retention risks for sensitive documents that happen to be edited through the skill.

Description-Behavior Mismatch

Medium
Confidence: 95%
Finding
The documented workflow goes beyond passive style assistance and instructs direct modification of user files plus automatic persistence. This mismatch matters because users may invoke the skill expecting advisory help, while the skill is actually authorized to alter files and record data without a clear consent boundary.

Description-Behavior Mismatch

Low
Confidence: 82%
Finding
The skill auto-learns from diffs, comments, and feedback and writes persistent style rules immediately, which is more invasive than a simple style-memory description suggests. This can unexpectedly convert transient user edits or annotations into long-term stored preferences, including sensitive or situational instructions.

Vague Triggers

Medium
Confidence: 88%
Finding
The activation trigger covers very broad writing-related scenarios, making accidental invocation likely during ordinary requests. In this skill, broad activation is especially risky because activation can lead to file reads, file writes, diffing, and persistent memory updates rather than just generating text.

Missing User Warnings

High
Confidence: 98%
Finding
The skill directs automatic writes to user files and style memory without upfront warning or confirmation. Silent modification of content and persistence of user data can cause data loss, privacy issues, and surprising state changes that are hard for users to detect or attribute.

Missing User Warnings

High
Confidence: 99%
Finding
The instructions explicitly say not to ask Y/N and to directly write style changes, then merely notify the user afterward. This bypasses meaningful consent for long-term storage and makes it easy to persist incorrect, sensitive, or context-specific preferences without the user's approval.

Ssd 3

Medium
Confidence: 94%
Finding
The skill establishes a long-term repository for style rules and draft history, which creates ongoing retention of user-authored content and inferred preferences. Persistent natural-language storage increases exposure if the machine is shared, compromised, backed up insecurely, or if the repository accumulates sensitive text over time.

Ssd 3

High
Confidence: 98%
Finding
Copying complete user files into a snapshot store on every edit is effectively bulk collection of user content. This is dangerous because many writing files may contain secrets, personal data, internal drafts, or unpublished materials that are unrelated to style learning but become permanently retained in version history.

Ssd 3

Medium
Confidence: 93%
Finding
Mining diffs, inline comments, and spoken feedback and automatically writing extracted information into persistent memory risks capturing sensitive annotations, private instructions, or one-off contextual preferences. Because comments have no fixed format, the skill may over-collect data the user never intended to store as long-term memory.

VirusTotal

64/64 vendors flagged this skill as clean.
