Back to skill

Security audit

Writing Assistant

Security checks across malware telemetry and agentic risk

Overview

This is a simple writing-assistant instruction file with no executable code, install scripts, credentials, persistence, or hidden system access.

Reasonable to install for ordinary writing help. Before using it with private drafts, client materials, or confidential references, confirm that any MCP writing tools available to your agent are trusted, because the skill may route task content or references to them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
87% confidence
Finding
The skill uses broad, always-on instructional language such as managing writing tasks generally and following the content above, without defining clear activation boundaries, input constraints, or tool-selection guardrails. In an agent setting, this can cause overbroad invocation and unintended delegation behavior, increasing the chance the skill is applied to inappropriate prompts or manipulated into unsafe tool usage.

VirusTotal

41/41 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.