Back to skill

Security audit

Product Marketing Context

Security checks across malware telemetry and agentic risk

Overview

This skill is a local helper for drafting a reusable product marketing context file, with disclosed repo reading and local persistence but no hidden code, credentials, network use, or exfiltration behavior.

Install this if you want a reusable local product marketing context file. Use auto-draft only in repositories where it is acceptable for the agent to read documentation and marketing-related files, then review `.claude/product-marketing-context.md` before relying on it or letting other marketing skills reuse it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
89% confidence
Finding
The trigger description uses broad phrases like 'product context,' 'marketing context,' 'set up context,' and 'positioning,' which can match many normal marketing conversations even when the user did not intend to invoke this skill. That can cause unintended activation, leading the agent to read repository files and create or update `.claude/product-marketing-context.md` based on loose context rather than explicit user intent.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.