market-research

Security checks across malware telemetry and agentic risk

Overview

This is a simple market-research instruction skill that discloses web search use and does not contain executable or hidden behavior.

Install this if you want a general market research workflow that may use web search. Review outputs before relying on them or publishing them, and avoid sharing confidential business data unless you are comfortable using it in a chat and search workflow.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The suggested prompt is so broad that it can match ordinary user requests for general market analysis, increasing the chance the skill is invoked unintentionally or too aggressively. This can cause prompt routing confusion, unexpected tool use such as web_search, and delivery of output under the skill's framing when the user may have intended a narrower or different task.

Vague Triggers

Medium

Confidence: 80% confidence
Finding: The 'Use When' guidance is vague and lacks boundaries for when the skill should not be applied, which can lead to over-triggering on routine analyst or founder requests. In a multi-skill agent environment, ambiguous activation conditions increase the risk of incorrect skill selection, unnecessary external data access, and outputs that are misaligned with user intent.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal