Back to skill

Security audit

Carpet Cleaning Floor Care Marketing Kit

Security checks across malware telemetry and agentic risk

Overview

This is a prompt-only marketing kit with disclosed outreach templates and compliance guardrails, but users should review legal marketing claims before sending or publishing them.

Install is reasonable if you want prompt templates for carpet-cleaning marketing. Before using outputs, verify licenses, certifications, EPA registration numbers, drying-time claims, testimonials, consent status, unsubscribe handling, and local advertising rules; do not auto-send generated outreach without human review.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Intent-Code Divergence

Medium
Confidence
84% confidence
Finding
The prompt presents itself as enforcing legal and platform compliance, but later includes outreach offers such as discounts, complimentary cleaning, and guaranteed scheduling language that may conflict with TCPA, CAN-SPAM, FTC, or advertising substantiation requirements if used without additional safeguards. This mismatch can cause users to overtrust the prompt's compliance posture and generate marketing materials that create legal or reputational exposure.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The cold outreach and ad-generation sections provide operational marketing content for email, local ads, and B2B prospecting without a strong upfront warning to verify consent, recipient eligibility, jurisdiction-specific rules, and substantiation of claims. Users may treat the generated copy as compliant-by-default and send outreach that violates CAN-SPAM, TCPA, platform rules, or creates deceptive advertising risk.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.