Security audit

03 Acquisition Retention

Security checks across malware telemetry and agentic risk

Overview

This is a text-only community marketing and retention playbook with no system access, though users should verify its metrics and use the outreach scripts responsibly.

Install only if you want a marketing and retention guidance skill. Before applying it to real customers, verify the retention formulas and any claimed ROI or benchmark data, use only authorized first-party data, contact only users you are permitted to message, honor opt-outs, and ensure discounts, testimonials, deadlines, and referral incentives are truthful and compliant with platform and anti-spam rules.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Intent-Code Divergence

Medium

Confidence: 96% confidence
Finding: The retention calculator claims to compute day-1, day-7, and day-30 retention, but its inputs are week-based values and it maps week-2/3/4 counts directly to those daily metrics. This can materially misstate business performance, causing operators to make incorrect budget, acquisition, and churn decisions based on invalid analytics.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal