Marketing Agent

Security checks across malware telemetry and agentic risk

Overview

This is a lightweight marketing-planning skill with no executable code or credential requests, though users should review trading and promotional content before publishing.

Reasonable to install for planning and drafting marketing content. Keep human approval for publishing, especially for trading-signal posts, financial claims, promotional offers, and anything sent to social media, Telegram, or a website.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence: 85%
Finding
The trigger section uses vague activation conditions such as daily planning, before every trade signal, and weekly analytics without defining clear scope, authorization, or guardrails. In a marketing skill that touches trading-signal content, this ambiguity can cause the agent to activate too often, produce or distribute sensitive/high-risk promotional material at the wrong time, or perform unintended actions based on loosely interpreted events.

VirusTotal

65/65 vendors flagged this skill as clean.
