Business Plan Writing

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward business-plan writing skill with no executable code, persistence, credential access, or hidden behavior.

This skill is reasonable to install if you want structured business plans. Be aware it may activate for some broad planning phrases, and it may use web/search tools to gather public market and competitor data for citations.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The skill’s trigger phrases are broad and include generic terms such as "project plan" and "business proposal," which can cause the skill to be invoked for requests outside its intended scope. This can lead to unintended routing, user confusion, or inappropriate application of the skill in contexts where a business-plan generator is not the right tool.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal