Back to skill

Security audit

Ghost CMS

Security checks across malware telemetry and agentic risk

Overview

This Ghost CMS skill is documentation-focused and its powerful site-management examples are aligned with its stated purpose, with no hidden execution or exfiltration found.

Install only if you want an assistant to help with Ghost CMS administration and development. Treat Admin API keys as sensitive, prefer staging or local Ghost instances, back up content/themes, and require explicit approval before edits, deletes, member or webhook changes, image uploads, theme activation, production installs, updates, or deployments.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.generated_source_template_injection

User-controlled placeholder is embedded directly into generated source code.

Critical
Code
suspicious.generated_source_template_injection
Location
SKILL.md:243