Back to skill

Security audit

kitt-writer

Security checks across malware telemetry and agentic risk

Overview

This is a markdown-only Chinese long-form writing style skill with broad activation wording, but it does not run code, access accounts, persist, or modify user data.

Install this if you specifically want Kitt-style Chinese WeChat long-form drafting. Be explicit when you want a neutral voice, another language, short-form content, summaries, or editing without persona imitation; tighter activation rules would reduce accidental use on generic writing requests.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

High
Confidence
95% confidence
Finding
The trigger conditions are extremely broad, covering generic requests like 写文章, 帮我写, 续写, 扩写 and even loosely inferred content-creation contexts. This can cause the skill to activate for many ordinary writing tasks where the user did not ask for this specific persona or workflow, leading to prompt hijacking of unrelated requests and unintended style/persona takeover.

Natural-Language Policy Violations

Medium
Confidence
84% confidence
Finding
The skill strongly binds output to Chinese and a specific公众号 persona without offering user choice, which can override user language preference and requested tone. In an agent system, this creates instruction-priority conflicts and can cause unauthorized transformation of outputs, especially when the upstream user asked for another language, neutral style, or different audience.

Natural-Language Policy Violations

Medium
Confidence
90% confidence
Finding
The file is a prescriptive style guide that strongly enforces a specific voice, tone, and rhetorical structure for generated articles, with no indication that the user should be asked for consent or allowed to override that style. In a writing skill, this can cause the agent to impose a house style even when the user requests a different tone, reducing user control and potentially misleading users into outputs that do not match their intent or brand voice.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.