Churn Prevention

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only churn-prevention guide; its main caution is that it may read a bounded local marketing context file and gives cancellation-flow advice that needs compliance review.

Safe to install for churn and retention strategy work. Before using it, make sure any local product-marketing context file it may read does not contain secrets or unrelated confidential material. Review cancel-flow and dunning recommendations with legal/compliance judgment, especially any high-friction cancellation handling for larger accounts.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill instructs the agent to read local project files before asking questions, but does not require user awareness or consent for accessing workspace content. This creates a privacy and least-privilege issue: the agent may inspect local files containing sensitive business context, internal plans, or confidential data even when the user did not explicitly authorize file access for this task.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal