Coupon

Security checks across malware telemetry and agentic risk

Overview

This appears to be a low-risk coupon/deal guidance skill, with the main issue being broad trigger wording that could route unrelated shopping requests to it.

Safe to install if you want coupon or deal assistance. Be aware it may activate on broad shopping-help requests, so confirm the skill is relevant before following commercial recommendations, and verify coupons, prices, and platform terms directly before purchasing.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 84% confidence
Finding: The example invocation phrases are so generic that ordinary user help requests could unintentionally trigger this skill. In a marketplace/coupon context, that can cause unwanted routing, confusing responses, or unsolicited commercial guidance when the user did not explicitly ask for coupon-related assistance.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal