介绍文案大师（跨境/小红书/公众号等）

Security checks across malware telemetry and agentic risk

Overview

This is a text-only Chinese marketing copywriting helper, with no code or hidden access to files, accounts, credentials, or tools.

Safe to install as a copywriting prompt skill. Review generated marketing copy before publishing, especially claims about results, testimonials, scarcity, refunds, prices, legal compliance, health, finance, or any non-Chinese market where tone and regulations may differ.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The trigger definition is extremely broad and includes catch-all phrasing such as '任何需要说服、种草、成交、引导行动的文本', which can cause the skill to activate for many ordinary requests beyond its intended scope. Over-broad routing can misapply persuasion-focused behavior in contexts where the user did not explicitly request marketing copy, leading to inappropriate tone, unsafe assistance in sensitive domains, or interference with more suitable skills.

Natural-Language Policy Violations

Medium

Confidence: 82% confidence
Finding: The skill is framed as a Chinese-copywriting specialist and defaults heavily toward Chinese output and Chinese-platform conventions without an explicit check for the user's requested language. This can override user intent, reduce reliability in multilingual contexts, and cause the agent to answer in an unintended language or style.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal