business-plan

Security checks across malware telemetry and agentic risk

Overview

The skill content is a normal business-plan guide, but its metadata advertises purchase and crypto capabilities that do not fit or appear in the instructions.

Review before installing. The visible skill is low technical risk and appears useful for drafting a business plan, but the marketplace metadata includes purchase and crypto capabilities that are not explained by the skill. Install only if you are comfortable with those tags or can confirm they do not grant real authority.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The trigger list is broad enough to match common user phrasing such as 'business plan' or 'create my plan', which can cause the skill to activate in contexts where the user did not explicitly request this specialized workflow. Over-broad activation can route unrelated requests into this skill, increasing the chance of incorrect handling, context hijacking, or unintended disclosure/manipulation of user workflows.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal