Humanizer

Security checks across malware telemetry and agentic risk

Overview

This is a document-editing skill for making AI-sounding text more natural, with no evidence of hidden code, credential use, network access, or persistence.

Reasonable to install for ordinary writing edits. Use it when you explicitly want text humanized, review diffs before accepting file changes, and be careful with documents where neutrality, authorship stance, or exact wording matters.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 93% confidence
Finding: The skill description is broad enough to activate on generic 'editing' or 'reviewing' requests, which can cause the agent to apply rewriting behavior outside a narrowly scoped 'humanize AI-sounding text' use case. In practice, this can override user intent, modify sensitive text unnecessarily, or be selected in contexts where stylistic transformation is inappropriate, especially because the instructions encourage adding personality rather than only removing artifacts.

Natural-Language Policy Violations

Medium

Confidence: 95% confidence
Finding: The skill explicitly instructs the agent to inject opinions, first-person perspective, humor, edge, and 'personality' without requiring user opt-in. That can materially alter tone, authorship stance, and meaning, creating deceptive or inappropriate output in professional, academic, legal, or safety-sensitive contexts where neutrality and fidelity are required.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal