growth-funnel

Security checks across malware telemetry and agentic risk

Overview

This is a plain text growth-strategy skill with no code execution, credential access, persistence, or external actions.

This appears safe to install as an advisory growth framework skill. Expect it to provide AARRR funnel analysis and tactical recommendations; the main caveat is that it may activate for broad growth-metrics wording, so users should verify it is the right skill for the question.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The skill description includes very broad trigger phrases such as generic mentions of 'growth funnel,' 'customer lifecycle metrics,' and the full AARRR expansion, which can cause the skill to activate in conversations that only loosely relate to growth analysis. Over-broad invocation can route user requests to the wrong skill, creating confusion, irrelevant outputs, and increased exposure to any downstream weaknesses in the skill-selection pipeline.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal