directory-submission

Security checks across malware telemetry and agentic risk

Overview

This is a markdown-only drafting skill for product directory submissions, with disclosed use of project context and web research.

Safe to install as a listing-copy drafting aid. Review generated copy before posting publicly, verify web-sourced claims such as pricing or traffic numbers, and avoid placing confidential roadmap, customer, financial, or strategy details in project-context files if you do not want them used in directory submission drafts.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 94% confidence
Finding: The skill declares a very broad set of trigger phrases, including generic marketing and listing terms such as "get listed," "submit to directory," and "product info for directory." In agent environments that auto-select skills by semantic match, this can cause unintended invocation, leading the agent to follow this skill's strong behavioral instructions like reading project context and searching the web when the user did not explicitly request directory-submission behavior.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal