Write substack like articles

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only writing skill that is coherent with its newsletter-writing purpose, but users should review its sourcing and attribution guidance before use.

Before installing, confirm you are comfortable giving the agent access to web search, Readwise, and LlamaCloud sources for drafting public articles. Review outputs for attribution, copyright, and factual accuracy, and only use the named personal writing voice if that person has authorized it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Context-Inappropriate Capability

Medium
Confidence: 95%
Finding
The skill explicitly directs the agent to extract ideas from third-party materials while removing original author names and source identifiers, which encourages unattributed derivative use. In a writing skill, this increases the risk of plagiarism, misrepresentation of provenance, and erosion of traceability for factual or conceptual claims.

Intent-Code Divergence

Medium
Confidence: 97%
Finding
The skill contains conflicting instructions: it says to cite sources naturally, but also says to remove author names and never mention original books or framework names. This inconsistency can push the agent toward concealed sourcing, making outputs appear more original than they are and increasing legal, ethical, and reputational risk.

VirusTotal

66/66 vendors flagged this skill as clean.
