Newsletter Writer

Security checks across malware telemetry and agentic risk

Overview

This skill is a newsletter-writing helper with only a limited local history log as the main privacy caution.

Safe to install for normal newsletter drafting. If using scripts/script.sh, avoid putting confidential customer lists, segmentation details, or unreleased campaign copy directly in command arguments unless you are comfortable with that text being saved locally in history.log; set NEWSLETTER_WRITER_DIR to control where it is stored or delete the log periodically.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: User-supplied command inputs are written verbatim to a persistent history log under the user's data directory without disclosure or consent. In a newsletter-writing context, prompts may contain draft campaign text, customer segments, email subjects, or other sensitive business data, creating a privacy and data retention risk if local logs are later accessed by other users, backups, or support tooling.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal