market-sizing

Security checks across malware telemetry and agentic risk

Overview

This is a markdown-only market-sizing research workflow with broad activation wording but no hidden code, credential use, persistence, or destructive authority.

Safe to install for structured market-sizing work. Review outputs carefully for source quality and assumptions, and be aware the skill may activate on broad market-opportunity wording when a shorter business-strategy answer was intended.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The metadata description says to use this skill for any request about market size across many industries, which creates a very broad activation surface. Over-broad routing can cause the agent to invoke this skill in loosely related business discussions, leading to unnecessary external research, off-target outputs, or unintended disclosure of user context to tools/data sources used during market analysis.

Vague Triggers

Medium

Confidence: 93% confidence
Finding: The trigger list uses keyword-style conditions like 'market size' and 'How big is the market for X' without boundaries, disambiguation rules, or exclusion cases. In an agentic system, this ambiguity increases accidental invocation risk during general conversations, which can degrade behavior, waste tokens/tool calls, and steer the assistant into producing speculative market-sizing workflows when the user wanted a simpler answer.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal