pricing-strategy

Security checks across malware telemetry and agentic risk

Overview

This is a coherent SaaS pricing strategy skill with a local calculator and no hidden access, persistence, exfiltration, or destructive behavior.

Safe to install for pricing work. Before use, avoid putting secrets into marketing-context.md or pricing JSON files, and review any annual-pricing recommendations for transparent billing terms, renewal/cancellation clarity, and a visible monthly alternative.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 87% confidence
Finding: The playbook explicitly recommends defaulting the billing toggle to annual based on conversion preference, which can steer users into a higher-commitment purchase without first emphasizing the billing implications. In a pricing strategy skill, this is not code-execution dangerous, but it is a dark-pattern-style monetization risk because users may misunderstand upfront commitment or renewal expectations if disclosure is insufficient.

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The section states that defaulting to annual pricing increases annual plan take rate, but does not pair that recommendation with transparency safeguards about upfront billing, commitment length, or renewal. In context, this skill is specifically meant to influence SaaS pricing and conversion behavior, which makes omission of billing clarity more concerning because operators may implement the tactic directly.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal