Content Multiplier

Security checks across malware telemetry and agentic risk

Overview

This is a coherent content-repurposing skill that reads user-provided content and writes generated social-media drafts locally, with no evidence of hidden network, credential, persistence, or destructive behavior.

Safe to install for local content repurposing. Users should review drafts before publishing and be aware that the command-line script writes markdown files to the chosen output directory and may overwrite files with the same generated name.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Natural-Language Policy Violations

Medium

Confidence: 85% confidence
Finding: The skill hardcodes the initial interaction in Chinese, which can override the user's preferred language and create misleading or exclusionary behavior. While not a classic security exploit, it is a genuine safety and quality issue because it can cause confusion, reduce informed consent, and make users provide sensitive content without clearly understanding the prompt.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal