Back to skill

Security audit

Pricing

Security checks across malware telemetry and agentic risk

Overview

This is a plain pricing-advice skill with no code, hidden access, persistence, or sensitive system behavior.

This is reasonable to install for general product or service pricing guidance. Treat its output as business advice rather than accounting, legal, or financial advice, avoid sharing confidential customer or financial records unless needed, and note that the marketplace capability tags look broader than what the skill actually does.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
92% confidence
Finding
The skill description is broad enough to match many ordinary conversations about pricing, charging, or changing prices, which can cause the agent to invoke this skill when the user did not explicitly ask for pricing guidance. Over-broad activation increases the chance of unintended context switching, irrelevant advice, and prompt-surface expansion, especially in multi-skill systems where accidental invocation can influence downstream behavior.

Natural-Language Policy Violations

Low
Confidence
79% confidence
Finding
Mixing Chinese and English in the skill body without explicitly deferring to the user's preferred language can cause the skill to respond in an unexpected language or bias the assistant toward one language. While not a direct security exploit, this can degrade reliability, confuse users, and in safety-sensitive workflows increase the chance that important instructions are misunderstood or skipped.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.