Store

Security checks across malware telemetry and agentic risk

Overview

This is a local, markdown-only store-operations skill with disclosed local notes and no evidence of hidden network, credential, or destructive behavior.

Before installing, choose narrow activation unless you want store support to appear for general retail terms. If you enable local memory, avoid saving payroll details, private employee or customer records, card numbers, PINs, or payment credentials.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The skill instructs the agent to activate on a very broad set of common retail-related terms such as 'store,' 'shop,' and 'inventory,' which can cause unsolicited takeover of unrelated or only loosely related conversations. This increases the chance of context bleed, user surprise, and inappropriate operational guidance being injected where it was not explicitly requested, especially because it also encourages proactive intervention when 'operational drift' is noticed.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal