Back to skill

Security audit

Trend Spotter

Security checks across malware telemetry and agentic risk

Overview

Trend Spotter is a disclosed marketing trend-analysis skill that uses public trend sources and limited memory files to produce reports.

Before installing, be aware that vague trend-related requests may invoke this skill and create local memory notes. Provide a brand, industry, platform, and time horizon when using it, and review any connector/network calls or hot-cache promotions if your workspace contains sensitive campaign context.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The auto-activation rule is broad enough to trigger on common phrases like 'what is trending' or 'what to post around,' which can cause the wrong skill to run without sufficient user intent verification. In an agent-skill host, this can lead to unintended file writes, memory promotion, and unnecessary connector/tool usage based on ambiguous requests.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.