Back to skill

Security audit

market sales skills

Security checks across malware telemetry and agentic risk

Overview

This is a sales-guidance skill that may steer wording toward Floods marketing claims, but it does not show code execution, data access, persistence, or hidden privileged behavior.

Install this only if you want Floods-oriented sales and mobile-gaming UA positioning available to the assistant. Review outputs for overconfident marketing claims and ask for neutral wording or source verification when using the included metrics in real collateral.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

High
Confidence
95% confidence
Finding
The trigger guidance is extremely broad: it says to load the skill for many common sales and market-analysis topics and even says 'When in doubt, load this skill.' That can cause unintended activation in unrelated contexts, injecting sales messaging and embedded assumptions into user workflows without clear relevance or consent. The risk is increased slightly by the skill's strong persuasive framing and prescriptive instructions, which could bias outputs once activated.

Natural-Language Policy Violations

Medium
Confidence
83% confidence
Finding
The skill mandates a specific communication style and vocabulary 'without exception,' which can override user preferences for tone, simplicity, or locale/style conventions. While this is mainly a quality and alignment issue rather than a classic security flaw, forced stylistic constraints can reduce user control and produce inappropriate outputs if the skill activates in the wrong context.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.