Fashionopolis

Security checks across malware telemetry and agentic risk

Overview

The available evidence shows a low-risk skill with overly broad activation wording, but no signs of hidden actions, data theft, persistence, or destructive behavior.

Install only if you are comfortable with the skill potentially activating on broad sustainability or material-related terms. Review its trigger wording and disable or narrow it if it interrupts unrelated conversations.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 95% confidence
Finding: The trigger list is extremely broad and includes generic terms such as 'sustainable', 'ethical', 'cotton', 'polyester', and even 'just installed this skill', which can cause the skill to activate in many unrelated conversations. Over-broad activation is dangerous because it can hijack user intent, override more appropriate skills or system behavior, and force unsolicited onboarding content, reducing reliability and potentially enabling prompt-scope abuse through opportunistic triggering.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal