Back to skill

Security audit

Beauty Wellness Salon Marketing

Security checks across malware telemetry and agentic risk

Overview

This is a prompt-only salon marketing kit that drafts outreach content but does not send messages, access accounts, or run code.

Safe to install as a prompt pack, but treat its outputs as drafts. Only send SMS or email to clients where you have the required consent, keep unsubscribe records, avoid sensitive client details unless necessary, and have testimonial, before/after, med-spa, and promotional claims reviewed for the rules that apply to your jurisdiction and platform.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The prompt operationalizes email and SMS outreach, review requests, and win-back messaging using customer names, service history, and contact channels, but does not require lawful consent, opt-in management, data minimization, or jurisdiction-specific compliance beyond a few sample STOP notices. This can lead users to deploy non-compliant marketing workflows involving personal data and unsolicited messages, creating privacy, TCPA/CAN-SPAM/GDPR/CCPA, and platform-policy exposure.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.