Groupon Skill

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only Groupon deal-finding skill that uses public web search and browsing without requesting sensitive access or taking account actions.

Install this if you want your agent to search Groupon for deal requests. Be aware it may activate for general discount questions, so review results before acting and verify current price, availability, merchant quality, expiration, and fine print on Groupon before buying.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The README states the agent will automatically use this skill when users ask about deals or discounts, which indicates a broad activation condition that may trigger on loosely related requests. This can cause unintended browsing or web-search behavior, increase prompt-surface exposure, and lead the agent to act when the user did not explicitly request Groupon-specific deal hunting.

VirusTotal

58/58 vendors flagged this skill as clean.

View on VirusTotal