Product Commerce

Security checks across malware telemetry and agentic risk

Overview

This commerce skill is clearly described and not malicious, but it can place real, high-value orders without documenting any confirmation step or account controls.

Install it only if you trust sputnikx.xyz and can enforce manual approval before any quote or order. Before placing an order, confirm the products, quantities, total price, delivery address, tenant/account, payment handling, and the cancellation or correction process.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Vague Triggers

Medium
Confidence: 87%
Finding
The skill is explicitly user-invocable and supports quote and order creation, but it does not define clear trigger constraints, approval requirements, or narrowly scoped invocation conditions. In an agent setting, this increases the chance of unintended transactional execution from ambiguous user prompts or prompt injection, especially because the same skill mixes read-only and state-changing operations.

Missing User Warnings

Medium
Confidence: 94%
Finding
The documentation describes a live order-placement capability but provides no warning that it causes real-world transactional effects. In a commerce skill, lack of user warning and confirmation guidance is dangerous because an agent may place unintended purchases, spend money, or disclose delivery information based on misinterpreted instructions.

VirusTotal

66/66 vendors flagged this skill as clean.
