Air Duct Cleaning Iaq Kit

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This is a prompt-only marketing kit with no code execution, but it has compliance-sensitive flaws users should review before using it publicly.

Install only if you will manually review and adapt the generated content before publishing. Treat the Nevada licensing guidance as Nevada-specific unless verified by local counsel, and remove any review-request wording that asks only happy or satisfied customers to leave reviews.

SkillSpector (2)

By NVIDIA

Intent-Code Divergence

Medium

Confidence: 97% confidence
Finding: This is a real compliance flaw: the prompt explicitly bans selective review requests, but several templates/scripts say 'if you're happy' or otherwise condition review solicitation on positive sentiment. That creates review-gating behavior, which can mislead consumers and expose the operator to FTC/platform-policy violations. In this context, the contradiction is more dangerous because the skill presents itself as 'compliance-first,' increasing the chance users will trust and deploy the noncompliant language as authoritative.

Natural-Language Policy Violations

Medium

Confidence: 94% confidence
Finding: The prompt hard-codes Nevada-specific legal and licensing requirements, including NRS 624, NV business licenses, Clark County/Henderson references, and C-21 framing, without clearly constraining the skill to Nevada-only use or asking the user to select jurisdiction. A user outside Nevada could reasonably rely on this as generally applicable compliance guidance, causing noncompliant advertising, incorrect licensing assumptions, or unlawful marketing claims in another state.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal