Amazon Storefront Design

Security checks across malware telemetry and agentic risk

Overview

This is a small Amazon storefront design advice skill with no executable code, credential access, persistence, or hidden data handling in the reviewed artifact.

Use this as a guidance-only skill for Amazon storefront design and marketing recommendations. Do not provide Amazon credentials, seller tokens, API keys, cookies, or account sessions, because the skill does not need them. If using the npx install command, verify the Nexscope source/package first.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The usage trigger phrase is broad enough to match ordinary user requests about Amazon storefront help, which can cause the skill to activate unintentionally in contexts where the user did not explicitly intend to invoke it. Overly generic activation language increases the risk of skill routing conflicts, prompt hijacking via ambiguous invocation, and accidental disclosure of user context to a skill that was not deliberately selected.

VirusTotal

53/53 vendors flagged this skill as clean.

View on VirusTotal