ecommerce-visual-copywriting

Security checks across malware telemetry and agentic risk

Overview

This is a Markdown-only e-commerce copywriting workflow with compliance guidance and no hidden code, credentials, or external data access.

Reasonable to install if you want an e-commerce visual-copywriting SOP. Review generated claims before publishing, especially for advertising-law and platform-compliance issues, and avoid sharing sensitive business or competitor data unless you trust the agent environment.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
89% confidence
Finding
The skill declares very broad trigger keywords such as '电商文案', '合规审查', platform names, and generic English phrases like 'listing copy' and 'CTR optimization', with no requirement to confirm user intent before activation. In agents that auto-load or prioritize skills by keyword match, this can cause unintended activation, instruction interference, or prompt-scope hijacking where the skill influences unrelated conversations touching commerce, compliance, or platform topics.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The trigger conditions are broad enough to activate on generic e-commerce or compliance discussions, not just clear user intent to invoke this skill. This can cause unintended routing, making the agent apply this SOP in irrelevant contexts and potentially override more appropriate skills or responses.

VirusTotal

65/65 vendors flagged this skill as clean.
