Back to skill

Security audit

Ai Prompt Pack

Security checks across malware telemetry and agentic risk

Overview

This is a text-only prompt pack for digital sellers, with no code execution, credentials, persistence, or system access requested.

This appears safe to install as a prompt resource. Use it when you specifically want digital-product sales prompts, and note that the README includes a commercial Gumroad link for a larger paid pack.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
88% confidence
Finding
The invocation guidance is broad enough that a user request for general sales help could unintentionally trigger this skill, causing the agent to apply a commercial prompt pack when the user did not explicitly ask for it. This is not a code-execution issue, but it can lead to incorrect routing, confusing responses, or unintended disclosure/use of packaged prompt content in mixed-skill environments.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.