Social Media Management

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only content-writing skill with no code execution, credentials, or automatic posting authority.

Safe to install as a writing aid. Review generated public posts before publishing, especially regulated-industry claims, customer data, legal/compliance language, and geography-based tone assumptions.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Natural-Language Policy Violations

Medium

Confidence: 89% confidence
Finding: The skill prescribes geography-based writing norms such as 'India = relationship-driven' and 'US = direct, data-driven' as defaults rather than asking the user for preferred style. That can cause the agent to make unsupported inferences about audience, nationality, or cultural expectations, leading to stereotyping and lower-quality or inappropriate output in user-facing content.

Natural-Language Policy Violations

Medium

Confidence: 94% confidence
Finding: The geography-specific strategy section operationalizes locale assumptions into publishing style and examples without clear opt-in, which can embed cultural stereotypes into generated content. In an agent skill, this is risky because the model may apply these defaults automatically, producing exclusionary, inaccurate, or biased messaging for users whose preferences do not match those assumptions.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal