Back to skill

Security audit

Auto Repair Shop Marketing Kit

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only marketing prompt kit for auto repair shops, with no code or automatic sending, but users should review outreach compliance before using the generated messages.

Install only if you are comfortable using an external AI tool to draft business marketing copy. Before sending SMS or email, confirm recipients have the required opt-in or legal basis, include unsubscribe/opt-out language, honor suppression requests, and have regulated warranty, estimate, review, and advertising claims reviewed for your state and platform policies.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The prompt directs an AI to generate SMS promotions and a multi-email reminder sequence but does not require confirmation of recipient consent, opt-in status, suppression handling, or compliance with messaging laws such as TCPA, CAN-SPAM, and state privacy requirements. In a marketing skill, this omission can lead users to produce and deploy outreach content that facilitates non-compliant direct marketing campaigns, especially because the prompt otherwise emphasizes legal compliance and may create a false sense that all major compliance issues are covered.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.