Back to skill

Security audit

Podcast Episode Launch Pack

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only podcast marketing helper with no executable code, credentials, integrations, persistence, or hidden data handling.

Before installing, remember that transcripts may contain private guest, customer, or listener information, so redact sensitive material before pasting. Review generated quotes, timestamps, guest bios, and social copy before publishing, because the skill drafts marketing content but does not verify facts externally.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger list contains very broad phrases such as "help me publish this episode" that can plausibly appear in general conversation and overlap with adjacent skills like generic writing, marketing, publishing, or strategy assistance. Overbroad activation criteria can cause unintended invocation, leading the agent to route user requests to this skill when the user did not explicitly want podcast-launch packaging, which can produce incorrect actions or responses.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.