Security audit

Competitor Research Playbook

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only competitor research playbook with no code execution, credential use, persistence, or hidden data handling.

Install this if you want a structured competitor research checklist. Use it for explicit competitor or market-analysis tasks, and make sure any public social, traffic, or ad research respects platform rules, privacy expectations, and applicable law.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The trigger list contains broad phrases such as "market research," "competitive analysis," and "content strategy analysis" that can match many ordinary user requests outside this skill’s specialized scope. In an agentic environment, that can cause over-invocation of this skill, leading the agent to apply competitor-research workflows when the user did not request them, increasing the risk of inappropriate data gathering guidance or irrelevant actions.

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The when-to-use section repeats broad activation terms without defining exclusion criteria or confirmation steps, which reinforces ambiguous routing behavior. This makes accidental activation more likely and can cause the system to steer general market-research requests into a more invasive competitor reverse-engineering playbook than intended.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal