Product & Innovation Playbook

Security checks across malware telemetry and agentic risk

Overview

This is a text-only product planning skill with broad activation wording but no hidden access, execution, or persistence behavior.

Safe to install for product strategy and innovation planning. Review the broad trigger wording if you use multiple business or product-management skills, and avoid sharing confidential product plans unless you are comfortable giving that context to your agent.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 95% confidence
Finding: The skill description uses very broad trigger terms such as product strategy, discovery, prioritization, experimentation, and innovation workflows, which can cause the agent to invoke this skill for a wide range of ordinary requests. Over-broad routing increases the chance of unintended skill activation, causing irrelevant instructions to override better-matched skills or general-purpose behavior and potentially leading to poor or unsafe task handling.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal