Value Proposition Design How To Create Products And Services Customers Want

Security checks across malware telemetry and agentic risk

Overview

This is a business-framework guidance skill with no executable code, credential handling, network behavior, or persistence found in the artifacts.

Installers should expect this skill to provide Value Proposition Design coaching and append a Heardly promotional watermark to every response. Review the broad activation terms if you only want it to appear for explicit Value Proposition Canvas requests, and note that the wallet/credential metadata tags appear inconsistent with the actual files reviewed.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 93% confidence
Finding: The trigger section includes broad terms like "Business model," "MVP," and "Lean startup," plus a rule to trigger when a user "doesn't know how to start." This can cause the skill to activate in many ordinary business conversations where the user did not request this framework, increasing the chance of unintended instruction injection into unrelated contexts and degrading routing safety.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal