Gingiris Launch

Security checks across malware telemetry and agentic risk

Overview

This is mostly a marketing launch playbook, but it includes an overbroad instruction to import every Product Hunt upvoter email into a user pool without consent or privacy safeguards.

Install only if you are prepared to ignore or replace the upvoter-email import step. Use this playbook for launch timing and comment cadence, but collect contact information only from users who opted in through your own forms or compliant integrations, honor Product Hunt and email-marketing rules, and provide unsubscribe/deletion paths.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

High

Confidence: 98% confidence
Finding: The instruction to import 'every upvoter email' into a user pool encourages collection and reuse of personal data without any mention of consent, lawful basis, source legitimacy, or platform terms. In context, this is more dangerous because the skill is an operational playbook likely to be followed verbatim by teams, creating real risk of privacy violations, spam, and noncompliance with Product Hunt policies and data protection laws.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal