Back to skill

Security audit

cn-marketing-strategy

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed China-focused marketing planner with a small benchmark lookup script and no evidence of hidden persistence, credential access, or destructive behavior.

Install this if you want China-focused marketing planning and benchmark lookups. Treat the external API as a third-party service: avoid sending confidential campaign details or sensitive marketing copy unless you trust the provider, and confirm before running the benchmark script in environments with restricted network policy.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
81% confidence
Finding
Very broad trigger phrases can cause the skill to activate in unrelated contexts, unexpectedly steering user interactions toward this skill and any linked external API/script behavior. In a skill with network-backed features and shell references, over-invocation increases exposure to unintended data flows and expands the attack surface.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.