Customer

Security checks across malware telemetry and agentic risk

Overview

This is a prompt-only customer success playbook, with the main caution that users may share sensitive customer and revenue information while using it.

Safe to install as a prompt-only customer success guide. Before using it with real accounts, confirm you are authorized to share customer names, contract terms, renewal details, usage metrics, NPS comments, support issues, and revenue context with your agent, and prefer redacted or aggregated examples when possible.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence: 95%
Finding
The trigger list contains very broad terms such as "customer," "onboarding," and "retention," which are common across many unrelated business conversations. This can cause the skill to activate outside its intended scope, leading to prompt hijacking opportunities, workflow interference, or accidental exposure of unrelated context to a customer-focused skill.

VirusTotal

64/64 vendors flagged this skill as clean.
