brand-slogan

Security checks across malware telemetry and agentic risk

Overview

This is a marketing copywriting skill, with the main caveat that it may search the web for missing brand information instead of asking follow-up questions.

Install is reasonable for ordinary public brand-slogan work. Provide clear brand constraints up front, review outputs before using them publicly, and do not include confidential launch plans, internal documents, or private brand strategy unless you instruct the agent not to use WebSearch.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill instructs automatic WebSearch to fill missing brand data without explicit user consent or disclosure. That can cause unanticipated outbound data sharing and retrieval of untrusted external content, which may expose sensitive user-provided brand context or contaminate outputs with manipulated search results.

Natural-Language Policy Violations

Medium

Confidence: 90% confidence
Finding: The skill hard-codes Chinese output and does not offer any user language choice or document a necessary locale restriction. This can cause accessibility and usability failures for users expecting another language, and in multilingual deployments it may lead to misunderstanding of generated branding content and scoring rationale.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal