Content Generation

Security checks across malware telemetry and agentic risk

Overview

This is a general writing helper with disclosed research-related tools, and I found no artifact-backed evidence of hidden, destructive, or deceptive behavior.

Install this if you want a broad content-writing helper and are comfortable with disclosed research tooling. Be careful using it on confidential drafts or private business material unless you confirm whether external search/network access will be used for that request.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The skill defines an extremely broad activation scope, including 'creating any written content,' which overlaps with ordinary assistant behavior and can cause the skill to trigger on a wide range of unrelated prompts. Over-broad skills increase the chance of unintended invocation, context hijacking, and policy bypass through generic routing rather than through a narrowly justified use case.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal