Back to skill

Security audit

Flash Sale Designer

Security checks across malware telemetry and agentic risk

Overview

This is a content-only ecommerce flash-sale planning skill with no executable code, credential use, persistence, or hidden data flow.

This skill appears safe to install as a marketing planning aid. Users should still review generated flash-sale copy for legal compliance, truthful scarcity claims, SMS/email consent rules, and platform advertising policies before using it with customers.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • System Prompt LeakageDirect Leakage, Indirect Extraction, Tool-Based Exfiltration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Direct Prompt Extraction

High
Category
System Prompt Leakage
Content
## Threshold-Based Visibility Rules

| Stock Remaining (% of Flash Allocation) | Display Rule |
|---|---|
| 100–70% | No stock count needed — show discount and timer |
| 70–50% | Optional: "Selling fast" badge |
Confidence
85% confidence
Finding
Display Rule

VirusTotal

61/61 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.