the-4p-marketing-consultant

Security checks across malware telemetry and agentic risk

Overview

This is a Chinese-language marketing advice skill with no executable code, install scripts, or hidden data access.

Safe to install for Chinese-language marketing consultation. Avoid putting confidential product plans, pricing details, customer data, or competitive information into prompts that may be used for web searches.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The skill’s activation criteria are very broad and match generic requests for advice, analysis, examples, and planning. That can cause over-invocation, where the skill takes over conversations outside its intended scope and influences responses without clear user consent, increasing the risk of inappropriate tool use or policy bypass via ambiguous routing.

Natural-Language Policy Violations

Medium

Confidence: 77% confidence
Finding: The skill content is written to operate in Chinese and does not offer user language choice or state a justified locale restriction. This can create unsafe or misleading interactions if invoked for users in other languages, because the model may respond in an unexpected language, degrade comprehension, and cause users to miss important qualifiers or limitations.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal