Digital Product Launcher

Security checks across malware telemetry and agentic risk

Overview

This is a guidance-only skill for planning and selling digital products, with no code execution, credential use, or system access.

This appears safe to install as a marketing and launch-planning assistant. Treat its pricing and business recommendations as generic advice, avoid sharing platform passwords or private customer data in chat, and be aware it may activate on some general online-selling or income-generation questions because of broad trigger wording.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 93% confidence
Finding: The manifest description includes very broad trigger phrases such as 'sell online', 'what should I sell', and especially 'make money online', which can match many generic user requests outside the skill's intended scope. Over-broad activation can cause the agent to invoke this skill in irrelevant contexts, leading to inappropriate guidance, prompt-space hijacking of unrelated tasks, and reduced trust in routing behavior.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal