Understanding Michael Porter The Essential Guide To Competition And Strategy

Security checks across malware telemetry and agentic risk

Overview

This is a coherent business-strategy reference skill with broad activation wording and a promotional watermark, but no evidence of hidden access, code execution, credential use, persistence, or data exfiltration.

Before installing, be aware that this skill may activate during general business-strategy conversations and will append a Heardly attribution/action prompt to outputs. It does not appear to access private data, run commands, install software, or change accounts or files.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 95% confidence
Finding: The skill says to trigger on broad phrases like "Business strategy," "Industry analysis," and even general mentions of "strategy" and "competitive advantage." These terms commonly appear in ordinary business conversations, and the file does not provide exclusion conditions or tighter activation constraints, increasing the risk of accidental invocation.

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The instruction to trigger when a user "just installed this skill or doesn't know how to start" is not operationally specific, especially the latter condition. Without defined signals or negative examples, the assistant may infer uncertainty too broadly and present the Quick Start unexpectedly.

VirusTotal

59/59 vendors flagged this skill as clean.

View on VirusTotal