FREELANCER PROPOSAL ENGINE

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only freelancer writing helper with no code execution, persistence, credential access, or external data flow.

Safe to install for drafting freelance business documents. Review generated contracts, invoices, late-fee language, and pricing benchmarks before using them with real clients, especially where legal, tax, or jurisdiction-specific rules apply.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 94% confidence
Finding: The trigger description is unusually broad and includes generic phrases such as "write me a proposal" and "how do I get clients," which can match routine user requests outside the intended scope. This can cause unintended skill activation, leading the assistant to prioritize this skill's instructions over more appropriate context-specific behavior and increasing the chance of prompt-scope confusion.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal