integrations-page-generator

Security checks across malware telemetry and agentic risk

Overview

This is a markdown-only skill for planning integrations or plugins pages, with no code, credentials, install steps, or background behavior.

Safe to install for content planning. Use it when you specifically want help with integrations, add-ons, plugins, marketplaces, or API integration pages, and review generated copy before publishing because the trigger wording may be broader than necessary.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The skill description contains broad trigger phrases such as "plugins," "extensions," and "connect with X," which can match many unrelated user requests and cause the skill to be invoked outside its intended scope. This is dangerous because it can route conversations to the wrong capability, leading to irrelevant guidance, context confusion, or accidental use of instructions that were not appropriate for the user's task.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal