Red book content creation

Security checks across malware telemetry and agentic risk

Overview

This skill coherently turns user-provided text into Xiaohongshu-style HTML and images, with ordinary local file output and a disclosed CDN dependency for formula rendering.

Install if you are comfortable with the skill saving generated HTML/PNG files locally. Avoid using sensitive drafts with formula rendering unless you are comfortable with CDN requests to jsDelivr, and avoid feeding untrusted raw HTML into the generator.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 86% confidence
Finding: The invocation phrases are very broad, such as asking to 'make this suitable for Xiaohongshu,' which can overlap with ordinary user requests and cause the skill to trigger unexpectedly. Over-broad triggers can route unrelated sensitive user content into the skill's transformation pipeline, increasing the chance of unintended processing, file generation, or downstream rendering with external resources.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill instructs loading KaTeX assets from a public CDN when rendering formulas, but it does not warn that user-provided content may be processed in a context that fetches external resources. This can leak metadata such as IP address, timing, and possibly document-associated context to third parties, and it expands the trust boundary beyond the local toolchain users would reasonably expect.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal