Gr Competitor Research

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a research/competitive-analysis prompt skill with no evidence of malware, hidden persistence, data theft, or unsafe automatic actions.

Review the trigger wording before installing if you only want this skill used for narrow competitor-teardown workflows. Based on the supplied telemetry and artifact-backed evidence, the concern is activation breadth, not malicious behavior.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 95% confidence
Finding: The trigger list contains broad, generic phrases such as "market research," "competitive analysis," and "competitor analysis" that are likely to match many ordinary user requests outside the narrow intent of this skill. This can cause the skill to activate unintentionally, steering users into a specific playbook and increasing the chance of irrelevant or unintended behavior in agent routing.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal