Security audit

discount-marketing-strategy

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only discount marketing strategy skill with no executable code, credential use, or hidden install behavior.

Before installing, check that .claude/project-context.md or .cursor/project-context.md do not contain secrets or private information you would not want used for marketing advice. The skill may activate on broad discount-related terms, so invoke it manually or tighten routing if you prefer stricter control.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The trigger description is broad enough to activate on many general pricing or promotion-related mentions, which can cause the agent to invoke this skill outside its intended scope. Over-broad routing is risky because it can override a more appropriate skill, produce irrelevant guidance, and increase the chance of mishandling user intent in adjacent pricing contexts.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal