Security audit

Course Creator Coach

Security checks across malware telemetry and agentic risk

Overview

This is a course-creation coaching prompt with broad triggers, but it has no code, credential use, persistence, or automatic account access.

Installers should treat this as business coaching, not automation. Keep ad budgets, pricing, public income claims, refund policies, platform migrations, and compliance-sensitive choices under manual review, and verify current FTC, platform, tax, and legal requirements before acting.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The manifest uses a long list of broad trigger phrases such as "online course," "build a course," and platform names that commonly appear in ordinary business discussions. This can cause the skill to activate outside its intended scope, leading to unnecessary interception of user requests and increasing the chance that specialized guidance is applied in the wrong context.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal