Back to skill

Security audit

Competitor Alternatives

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a competitor-positioning writing aid with one broad activation phrase, but no evidence of hidden access, persistence, credential use, destructive actions, or data exfiltration.

Before installing, understand that this skill may be invoked for a wide range of competitor-related marketing requests. Use it where you explicitly want competitive positioning help, and review generated claims for accuracy, sourcing, and legal/compliance sensitivity before publishing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
93% confidence
Finding
Line L003 says to use the skill for "any content that positions your product against competitors," which is broad enough to overlap with many common marketing, sales, or content tasks beyond the specific page formats listed. Although examples are provided, the catch-all wording makes the trigger scope ambiguous and could cause unintended invocation instead of a narrower competitor-page workflow.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.