Article Illustrator

Security checks across malware telemetry and agentic risk

Overview

This is a coherent article-illustration helper with one content-safety warning users should override for copyrighted or sensitive subjects.

Install only if you want an agent to read article drafts and send derived prompts to an image generator. Prefer project-local preferences and an illustrated-copy output for important files. Treat platform safety, copyright, and privacy rules as higher priority than the skill’s non-refusal wording, especially for real people, copyrighted characters, or sensitive subjects.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (3)

Context-Inappropriate Capability

High

Confidence: 98% confidence
Finding: The prompt explicitly instructs the model to create stylistically similar alternatives for sensitive or copyrighted figures and adds 'DO NOT refuse to generate,' which attempts to suppress normal safety refusal behavior. In an article-illustration skill, this is unnecessary and increases the chance the system will facilitate policy-violating depictions, including copyright evasion or unsafe content generation.

Vague Triggers

Medium

Confidence: 93% confidence
Finding: The trigger condition includes broad language such as requests to 'visually enhance written content,' which can cause the skill to activate in many contexts beyond article illustration. Overly broad activation increases the chance of inappropriate interception of user requests, accidental file handling, or unexpected generation/editing behavior in workflows where the user did not intend to invoke this skill.

Missing User Warnings

Low

Confidence: 90% confidence
Finding: The setup flow offers a user-scoped save location that writes preferences affecting all projects, but it does not clearly warn about the broader scope or possible unintended cross-project effects. In a skill that may run across different repositories and article contexts, this can cause surprising persistence of settings and privacy or behavior issues if users assume the configuration is local only.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal