Security audit

Return Reducer

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only ecommerce return-reduction skill whose data and photo guidance fits its stated purpose, with a privacy caution for customer/order materials.

Reasonable to install for ecommerce return analysis. Before using it, treat return exports and photos as sensitive business/customer data: minimize what you collect, redact shipping labels and identifiers, and store the materials according to your privacy and retention practices.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 86% confidence
Finding: As a markdown file, this skill should warn users when recommended workflows may affect user privacy or data handling. Lines L088 and L110 encourage collecting photos from returns, which can capture personal information, addresses, or other identifying details, but the description provides no warning about reviewing, storing, or minimizing such sensitive data.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.