Security audit

Dropshipping Operations

Security checks across malware telemetry and agentic risk

Overview

This Amazon FBA operations skill is a straightforward business-operations checklist, but users should avoid oversharing sensitive supplier or financial details.

Before installing or using it, share only the minimum business details needed for the task. Redact supplier personal contact details where possible, use ranges for margins or ad spend when exact numbers are unnecessary, and do not provide marketplace credentials or private account access unless a separate trusted tool explicitly requires them.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The setup section asks the user to provide potentially sensitive business information such as store URL, supplier contacts, revenue-related product rankings, margins, and ad spend targets without any minimization guidance or warning about sensitivity. In an agent setting, this can lead to unnecessary collection and exposure of commercially sensitive data, increasing privacy and business intelligence leakage risk if the data is logged, retained, or mishandled.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal