Content Engine Tk

Security checks across malware telemetry and agentic risk

Overview

This is a markdown-only content marketing helper; its main risk is that users may paste sensitive writing samples if they are not careful.

Installers should treat this as a drafting aid. Use public or sanitized writing samples, avoid pasting confidential client work or sensitive personal data, and review generated content before publishing or scheduling.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The skill explicitly asks users to paste 10–20 writing samples for brand voice training but provides no warning to avoid confidential, proprietary, client, or personal data. In a content-marketing context, those samples may easily include unpublished drafts, customer information, internal strategy, or sensitive business communications, creating unnecessary data exposure and privacy risk.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal