Security audit

Podcast Episode Launch Pack

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only podcast marketing helper with no executable code, credentials, integrations, persistence, or hidden data handling.

Before installing, remember that transcripts may contain private guest, customer, or listener information, so redact sensitive material before pasting. Review generated quotes, timestamps, guest bios, and social copy before publishing, because the skill drafts marketing content but does not verify facts externally.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The trigger list contains very broad phrases such as "help me publish this episode" that can plausibly appear in general conversation and overlap with adjacent skills like generic writing, marketing, publishing, or strategy assistance. Overbroad activation criteria can cause unintended invocation, leading the agent to route user requests to this skill when the user did not explicitly want podcast-launch packaging, which can produce incorrect actions or responses.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.