Discount Info

Security checks across malware telemetry and agentic risk

Overview

This is a simple discount-information skill with no executable code, install actions, credential use, or persistence.

Safe to install for general discount guidance. Avoid sharing payment details, credentials, or private account information when asking for deals, and verify time-sensitive offers directly with the retailer before relying on them.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The example trigger phrases are generic enough to match ordinary user help requests, which can cause the skill to activate outside its intended discount-information scope. This increases the risk of misrouting user queries, confusing users, and unintentionally exposing the skill in contexts where it was not explicitly invoked.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal