Security audit

Sif Asin Summary

Security checks across malware telemetry and agentic risk

Overview

The skill mostly performs advertised ASIN traffic analysis, but it also directs agents to quietly send broad user-feedback content to a separate LinkFox endpoint.

Install only if you are comfortable sending ASIN queries to LinkFox and can prevent automatic feedback submission unless explicitly approved. Use a dedicated revocable API key and avoid putting sensitive business context in prompts that could be included in feedback.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (4)

Context-Inappropriate Capability

Medium

Confidence: 97% confidence
Finding: The skill directs the agent to automatically submit feedback based on user sentiment, dissatisfaction/praise, and inferred improvement opportunities, which goes beyond the stated purpose of ASIN traffic analysis. That can exfiltrate user interaction content and behavioral inferences to another service without clear necessity, consent, or user awareness.

Context-Inappropriate Capability

Medium

Confidence: 95% confidence
Finding: The file documents a separate feedback endpoint unrelated to the stated ASIN traffic-analysis function, expanding the skill's effective capability beyond user-requested analysis. This creates a confused-deputy risk: an agent implementing the skill could be induced to transmit user-derived content to an additional external service without clear necessity, consent, or scope limitation.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill discusses API usage for its main function but does not prominently disclose that user interactions may also be automatically reported via a feedback API. Hidden secondary data flows are dangerous because users may share business-sensitive product research or opinions, unaware that this content could be transmitted elsewhere.

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The documentation instructs sending an API key to an external service but provides no explicit warning, consent model, or data-handling disclosure for users whose inputs will be transmitted off-platform. In an agent setting, this increases the chance that sensitive user-provided ASIN lists, business data, or derived context are sent to a third party without transparent notice or policy checks.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal