ASO & App Cold Start — Organic Discovery & UGC Growth Playbook

Security checks across malware telemetry and agentic risk

Overview

This is a markdown-only ASO and app growth guide with no executable code, credential access, or persistence; users should still review its marketing tactics and broad triggers.

Install only if you want ASO and app-growth advice. Be aware that it links to external tools, author profiles, and a paid bundle, and some suggested growth tactics may conflict with app-store or social-platform rules; review those before applying them.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 93% confidence
Finding: The trigger list includes generic phrases such as "ASO," "app growth," and "app launch," which are broad enough to activate during ordinary product or marketing discussions outside the user's intent to invoke this specific skill. Over-broad activation can cause inappropriate routing, unexpected execution of the skill, and exposure to unrequested guidance or linked external resources, especially in multi-skill environments.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal