Back to skill

Security audit

Cross Listing AI

Security checks across malware telemetry and agentic risk

Overview

This is a coherent listing-assistant skill that analyzes seller-provided item photos, suggests prices, and drafts copy-paste marketplace listings without hidden posting, credential use, or persistence.

Install if you want help drafting listings from item photos, but review all generated prices, condition claims, shipping details, and marketplace copy before posting. The skill drafts content; it does not show evidence of posting listings or using marketplace accounts on its own.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
93% confidence
Finding
The default prompt is generic enough to activate the skill in situations where the user did not clearly request this specific workflow, and the policy explicitly allows implicit invocation. Because this skill performs marketplace listing generation and pricing assistance from photos, unintended activation could cause unreviewed listing content, incorrect pricing guidance, or unexpected data processing in broader conversations. The seller/listing context increases risk because outputs may be acted on directly and posted to external marketplaces.

VirusTotal

58/58 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.