referral-program

Security checks across malware telemetry and agentic risk

Overview

This is a referral-program strategy guide with no executable code, install scripts, credentials, or hidden system access.

Safe to install as a marketing strategy aid. Before using it, check that any `.claude/project-context.md` or `.cursor/project-context.md` files do not contain secrets or sensitive business details you would not want reflected in generated advice, and validate referral incentives against local law and market norms.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The trigger description is very broad and overlaps with generic growth, marketing, and optimization requests, which can cause the skill to activate when a more appropriate or narrower skill should handle the task. In an agent system, overbroad routing can bias outputs, suppress better-matched skills, and lead to low-quality or context-inappropriate business guidance.

Natural-Language Policy Violations

Low

Confidence: 79% confidence
Finding: The statement that referral is a necessity in overseas markets, not an alternative, is an unqualified cross-locale business claim presented as fact. This can mislead users into applying strategy without validating regional, legal, cultural, or product-specific fit, especially in markets where referral behavior, incentives, or compliance rules differ.

VirusTotal

56/56 vendors flagged this skill as clean.

View on VirusTotal