Back to skill

Security audit

Groupon Skill

Security checks across malware telemetry and agentic risk

Overview

This skill only teaches an agent to search public Groupon pages for local deals and does not request sensitive access or perform account actions.

Install this if you want your agent to search Groupon for local deals. Be aware it may activate for general deal or discount requests, so verify the current price, availability, merchant reputation, expiration date, and fine print on Groupon before buying.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
84% confidence
Finding
The README states the agent will automatically use this skill when users ask about deals or discounts, which is a broad trigger likely to overlap with many ordinary shopping or recommendation requests. Overbroad activation can cause the skill to run in contexts where Groupon-specific browsing is not intended, leading to unnecessary web access, irrelevant behavior, or reduced reliability of higher-priority skills.

VirusTotal

58/58 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.