Autotalk

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only writing skill for turning reports into short-video spoken scripts, with no code execution or data-access behavior, though its tone and trigger scope are broad.

Install this only if you want an opinionated Chinese short-video script style. Review generated scripts for factual accuracy, exaggeration, and suitability before publishing, and avoid pasting confidential reports unless you are comfortable giving that content to the agent.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

High

Confidence: 96% confidence
Finding: The manifest description explicitly says the skill 'MUST TRIGGER' for broad, common user intents such as writing short video/social media scripts or complaints about 'AI vibes.' This can cause the skill to activate outside narrowly scoped contexts, overriding user intent and routing many unrelated requests into persuasive-style rewriting, which is a prompt-routing security and safety risk.

Natural-Language Policy Violations

Medium

Confidence: 82% confidence
Finding: The skill mandates Chinese-specific stylistic markers and banned/required phrasing without offering user choice or declaring locale constraints. In context, this is less a direct exploit than a behavior-integrity problem: it can silently override user language, tone, or regional preferences and produce manipulative or mismatched outputs when invoked in broader contexts.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal