Back to skill

Security audit

Jd Price History

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward JD.com price-history helper with minor notice items around broad shopping prompts and optional alerts.

Install this if you want JD.com price-history assistance. Before using alerts or paid monitoring, confirm where watched products and target prices are stored and how to disable notifications or monitoring.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
92% confidence
Finding
The invocation examples are broad natural-language shopping requests like asking whether it is a good time to buy or what the historical low price was. Because these overlap heavily with ordinary shopping conversation, an agent may invoke the skill unexpectedly and route general consumer dialogue, URLs, or purchasing context into the skill without clear user intent, increasing the chance of over-collection or inappropriate activation.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.