Competitor Benchmark

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed competitor-analysis skill made of markdown guidance and reference data, with no executable code, persistence, credential access, or destructive behavior.

Safe to install for competitor benchmarking. Before using it, assume business descriptions, target markets, and competitor names may be used in external web searches; keep confidential strategy, unreleased product details, customer data, and trade secrets out of prompts unless you are comfortable sharing them with search/web providers.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Low

Confidence: 92% confidence
Finding: The skill explicitly states that competitor analysis is based on real-time search and public-data collection, but it does not instruct the agent to notify the user before accessing external sites or transmitting queries. This can cause undisclosed outbound requests containing the user's business idea, product details, or target market, creating a privacy and transparency issue even if only public sources are consulted.

VirusTotal

60/60 vendors flagged this skill as clean.

View on VirusTotal