Insta poster

Security checks across malware telemetry and agentic risk

Overview

This skill only drafts Instagram captions, hashtags, and image prompts, and does not appear to run code, access accounts, or post anything automatically.

Install only if you want help drafting Instagram-ready content. Review generated captions, hashtags, and image prompts before publishing, and avoid entering private or sensitive information as a topic.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 94% confidence
Finding: This manifest accepts a generic "string (user topic or instruction)" without any constraints, examples, or exclusion conditions. For a manifest file, that makes the trigger/scope ambiguous because almost any ordinary instruction could appear to match, increasing the chance of unintended invocation.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal