Product Description Generator

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate product-description generator, but its batch and automation examples can overwrite local files without enough containment or warnings.

Review before installing if you plan to run bulk generation or cron jobs. Use an isolated output directory, avoid untrusted CSV product names, keep backups of existing descriptions, and check for overwrites because generated files are written directly to disk.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 86%
Finding
The quick-start and script sections repeatedly instruct users to write outputs to files but do not warn that existing files may be overwritten or that generated content will be persisted locally. In automated or agentic contexts, this can lead to unintentional data loss, cluttering of working directories, or writing sensitive generated content to disk without user awareness.

Missing User Warnings

Medium
Confidence: 91%
Finding
The automation examples schedule recurring bulk generation jobs that write to filesystem paths, but they omit warnings about repeated modification of local data, storage growth, and possible overwrites in output directories. In an agent environment, unattended scheduled execution increases risk because mistakes can be amplified over time and affect many files at once.

VirusTotal

64/64 vendors flagged this skill as clean.
