Back to skill

Security audit

SaaS Pricing Strategy

Security checks across malware telemetry and agentic risk

Overview

This is a simple SaaS pricing advice skill with no code execution, credential access, persistence, or hidden system behavior.

This is reasonable to install for SaaS pricing help. Pricing plans, customer feedback, and competitor notes can be business-sensitive, so share only details you are comfortable putting into a chat and treat the output as advisory before making pricing changes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
85% confidence
Finding
The manifest description is broad enough to trigger on common business questions such as pricing, trials, or monetization, which may cause the agent to invoke this skill in situations where the user did not explicitly request it. This is not directly exploitable like code execution, but it can expand the skill's activation surface and increase the chance of inappropriate or unexpected routing.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.