testimonials-generator

Security checks across malware telemetry and agentic risk

Overview

This is a lightweight writing and design helper for testimonial sections, with no code execution or account access.

Safe for normal use as a testimonial-section helper. Before installing, remember it may use local project-context files if they exist, so do not store secrets there, and verify that any testimonials, statistics, customer names, photos, logos, and review claims are truthful and authorized before publishing.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 86% confidence
Finding: The manifest description includes very broad trigger phrases such as 'reviews,' 'case studies,' and 'social proof,' which can cause the skill to activate in contexts where the user did not actually request testimonial-generation help. Over-broad activation is dangerous because it can misroute user intent, override a more appropriate skill, or inject irrelevant guidance into unrelated workflows, especially in multi-skill agent environments.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal