Cmo Advisor

Security checks across malware telemetry and agentic risk

Overview

This is a marketing strategy advisor with optional local calculators, and I found no hidden data access, credential use, persistence, network activity, or account-changing behavior.

Safe to install for marketing strategy work. Be aware it may activate on broad marketing terms and may read a local company-context.md file if present; keep that file free of secrets and review the sample assumptions before running the optional Python calculators.

SkillSpector

By NVIDIA

Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium
Confidence: 90%
Finding
The skill description is broad and keyed to common business terms like CMO, brand strategy, CAC, LTV, and marketing ROI, which can cause over-triggering in unrelated conversations. Overbroad routing is dangerous because it can inject this skill's instructions and cross-role behaviors into contexts where they are not appropriate, increasing the chance of misrouting, policy bypass-by-context, or unintended tool/reference loading.

Vague Triggers

Medium
Confidence: 93%
Finding
The proactive trigger section instructs the skill to surface recommendations without being asked based on detected company context, which creates ambiguous unsolicited activation behavior. In an agent setting, this can lead to context-sensitive overreach, surprising autonomous responses, and increased exposure to stale, partial, or unrelated context being treated as a basis for advice.

VirusTotal

65/65 vendors flagged this skill as clean.
