market-research

Security checks across malware telemetry and agentic risk

Overview

This is a simple market-research instruction skill that uses chat and web search, with no code execution, credentials, persistence, or hidden data access.

This skill is reasonable to install for market research help. Because it may use web search and generate market claims, verify sources and numbers before relying on outputs, and avoid entering confidential business plans unless you are comfortable sharing them with the underlying chat/search tools.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The 'Use When' guidance is broad enough to match many ordinary research-related requests, which can cause the skill to activate outside a clearly bounded market-research context. Overbroad triggering increases the chance of unintended tool use, unnecessary web searches, or the skill shaping outputs when the user did not explicitly request this specialized workflow.

Vague Triggers

Medium

Confidence: 93% confidence
Finding: The suggested prompt is highly generic and can match a wide range of vague business or research requests without clear boundaries. Because this skill has access to chat and web_search, a generic trigger can lead to over-activation, unintended data gathering, and user confusion about when the skill is being invoked.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal