Back to skill

Security audit

cold-start-strategy

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only strategy skill for early product launch and user acquisition, with no code execution, credential use, or automatic external actions.

Reasonable to install for cold-start launch planning. Be aware it may activate for broad early marketing or launch questions, and review any local project-context files before use if they contain private product details or secrets.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
89% confidence
Finding
The trigger list is very broad and includes many generic growth and launch phrases, so the skill may activate for ordinary marketing or GTM requests that are better handled by more specific skills. This can cause routing errors and context hijacking, leading the agent to provide less appropriate guidance or bypass narrower, safer task boundaries.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.