Back to skill

Security audit

TK Content Engine

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only marketing content skill with no executable code or special access, though users should avoid pasting sensitive writing samples.

Safe to install for drafting and repurposing marketing content. Before using brand voice training, redact personal details, client information, unpublished drafts, secrets, and proprietary material, and review generated content for accuracy, copyright, and brand fit before publishing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
89% confidence
Finding
The skill is invoked through very broad natural-language prompts and does not define clear scope limits, refusal conditions, or boundaries for what source material may be transformed. In practice, this increases the chance that users paste sensitive, copyrighted, or confidential content and that the skill processes requests outside the intended marketing use case without guardrails.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The brand-voice training flow explicitly asks users to paste 10-20 writing samples but provides no warning against including private, client, internal, or proprietary material. Because writing samples often contain unpublished drafts, customer information, or commercially sensitive messaging, the skill creates a realistic risk of data over-sharing and downstream misuse.

VirusTotal

52/52 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.