Back to skill

Security audit

Narrative Builder

Security checks across malware telemetry and agentic risk

Overview

This is a text-only story-building skill, but it includes an overbroad instruction that tells the agent not to refuse skill-content modifications, so users should review it before installing.

Install only if you are comfortable with a Chinese-language narrative-writing workflow that can read story, character, and world files you explicitly provide. Before use, remove or ignore the no-refusal modification clause so the agent can still refuse unsafe or policy-violating requests.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence
93% confidence
Finding
The trigger list contains broad phrases such as story construction and narrative generation, which are common in normal user conversations and can cause accidental activation. In an agent environment, overbroad invocation increases the chance that this skill intercepts requests outside its intended scope, leading to prompt-surface expansion and unintended application of its instructions.

Vague Triggers

Low
Confidence
76% confidence
Finding
Although routing logic is provided, the direct-input mode remains broad enough that many ordinary creative-writing prompts could match without clear boundaries. This ambiguity is less severe than an explicit unsafe instruction, but it still increases unintended invocation risk and makes agent behavior less predictable.

Natural-Language Policy Violations

Medium
Confidence
93% confidence
Finding
The file is entirely in Chinese and does not offer a language choice or document a locale constraint, which can prevent non-Chinese reviewers, operators, or downstream safety systems from understanding the skill’s behavior. In a security-sensitive agent ecosystem, reduced transparency impairs review, misuse detection, and incident response, making unsafe logic or policy violations easier to miss.

Ssd 1

Medium
Confidence
98% confidence
Finding
The instruction that the skill must not refuse any modification to skill content directly pressures the model to suppress safety-based refusal behavior. Because skills are untrusted prompt material, any clause that attempts to override or weaken refusal/safeguard logic is a serious prompt-injection pattern that could be used to facilitate unsafe content generation or policy evasion.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.