Back to skill

Security audit

shipping-page-generator

Security checks across malware telemetry and agentic risk

Overview

This is a simple shipping-page writing helper with no evidence of code execution, data access, persistence, or hidden behavior.

Safe to install for drafting shipping or delivery page content. Be aware it may appear in conversations that merely mention shipping or delivery, so ignore or disable it if it interrupts unrelated work.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
85% confidence
Finding
The invocation description is broad enough to activate on common words like "shipping" or "delivery" without requiring clear user intent to create or optimize a shipping page. This can cause incorrect skill routing, leading the agent to provide irrelevant policy-generation content in unrelated contexts such as order-status questions or logistics discussions.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.