Security audit

Humanizer-DE

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed German text-analysis and rewriting skill with an optional local CLI; the main risks are broad trigger phrases and reviewing rewritten or auto-fixed text before use.

Install only if you want German AI-text detection and humanizing help. Use explicit phrasing when invoking it, review rewritten text for invented personal claims or changed meaning, and run the optional CLI fix command only on intended files after checking the resulting .fixed output.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (5)

Vague Triggers

Medium

Confidence: 86% confidence
Finding: The trigger phrase 'Check diesen Text' is broad and resembles normal conversational language, so it could cause accidental invocation when a user is speaking naturally rather than intentionally calling the skill. In an agent environment, ambiguous activation phrases can lead to unintended processing of user content or unexpected skill execution.

Vague Triggers

Medium

Confidence: 89% confidence
Finding: Several commands ('Was klingt hier nach KI?', 'Humanisiere das', 'Mach das menschlicher') are common everyday phrases that could overlap with ordinary user prompts. This increases the chance of accidental skill routing, especially in multi-skill chat systems where broad phrases may intercept unrelated requests.

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The skill defines several very broad, colloquial trigger phrases such as 'Check diesen Text' and 'Mach das menschlicher'. In a larger agent environment, generic activators can be invoked unintentionally by ordinary user conversation, causing the skill to run out of context, override expected routing, or process sensitive text unexpectedly.

Vague Triggers

Medium

Confidence: 96% confidence
Finding: The command triggers are very broad natural-language phrases such as 'Check diesen Text', 'Humanisiere das', and 'Mach das menschlicher', which can easily overlap with ordinary conversation. In an agent environment, this raises the risk of accidental or adversarial invocation, causing the skill to process content unexpectedly or override the user's intended workflow.

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The layer is configured to activate on very broad, everyday phrases like "Humanisiere das" or "Mach das menschlicher," which can unintentionally match routine user requests. This creates an overbroad trigger surface where the skill may rewrite content in contexts the user did not intend, potentially altering meaning, tone, or policy-sensitive output.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal