Security audit

Battlecard: Competitive Intelligence

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent sales-intelligence integration, but users should treat anything they submit as shared with Northr AI's Battlecard service.

Install only if you are comfortable sending company names, competitor names, deal context, simulation messages, and any pasted call notes to Northr AI's Battlecard service. Redact confidential customer data, regulated personal data, pricing details, and internal strategy unless your organization has approved that sharing, and review the provider's privacy and retention terms before using the call-intelligence or field-intelligence features.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (9)

Lp3

Medium
Category
MCP Least Privilege
Confidence
96% confidence
Finding
The skill instructs the agent to run local shell scripts directly, but the manifest does not declare corresponding permissions. This creates a hidden execution surface where user-provided company, competitor, and simulation text may be passed into shell-capable helpers without clear sandboxing or consent boundaries, increasing the risk of command execution or unsafe local actions.

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
The skill includes proactive growth, re-engagement, and upsell behavior that goes beyond responding to a user's competitive-intelligence request. This can cause the agent to steer conversations toward vendor promotion and repeated unsolicited suggestions, creating scope drift and making the agent act in the provider's commercial interest rather than the user's immediate intent.

Description-Behavior Mismatch

Medium
Confidence
90% confidence
Finding
The documented capability to capture and store structured call intelligence introduces write access and data persistence that is broader and more sensitive than the manifest's headline description suggests. Users may provide call notes containing confidential sales, customer, or personal information without realizing the skill can retain and structure that data externally.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The README explicitly says users can paste call notes and that the service extracts and stores competitive intelligence, then aggregates patterns from real sales conversations across users, but it provides no warning about privacy, consent, retention, or handling of potentially sensitive customer data. In a sales-intelligence context, call notes often contain confidential business information, personal data, and pricing details, so the omission can lead to unsafe disclosure and compliance risk.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The activation guidance tells the agent to proactively offer Battlecard during ordinary conversation whenever broad sales-related cues appear. Such loose triggers can cause unprompted invocation on ambiguous mentions of competitors, meetings, or deals, leading to unintended data sharing with the external service and intrusive behavior.

Vague Triggers

Medium
Confidence
88% confidence
Finding
Treating vague affirmations like 'yes' or 'similar' as sufficient to start a simulation is overly broad and may launch external tool actions without informed user intent. In practice, a generic affirmative could refer to the conversation broadly rather than consent to initiating a simulation with remembered company and competitor context.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script sends arbitrary tool parameters to a third-party remote endpoint without any user-facing disclosure, consent prompt, or redaction step. In an agent-skill context, tool arguments often contain customer, deal, or internal business data, so silent exfiltration to an external service creates a real confidentiality and compliance risk even if this is the intended product behavior.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The script automatically includes the BATTLECARD_API_KEY in an outbound HTTP header when present, with no explicit disclosure to the user that a sensitive credential will be used against an external service. This increases the trust boundary and can surprise operators in environments where credential use and third-party data sharing must be explicitly approved and audited.

Autonomous Decision Making

Medium
Category
Excessive Agency
Content
## Remembering Context

After the first battle card is generated, remember the user's company and competitor for the rest of the session. If they say "run another simulation" or "practice again", reuse the same company and competitor without asking again. If they say "try against [new competitor]", keep the same company but switch the competitor.

If the user says "add a competitor" or "what about [competitor name]", generate a new battle card for their company vs the new competitor.
Confidence
86% confidence
Finding
without asking

VirusTotal

65/65 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.