Back to skill

Security audit

B2b Saas Case Study

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a customer story or case-study writing aid, with only a low-risk concern that its trigger wording may be too broad.

Install this as a writing helper, but be aware it may activate for general customer notes or outcome summaries; provide explicit instructions when you do not want case-study formatting.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
89% confidence
Finding
The trigger list is broad and includes common phrases like 'customer outcome' and 'write up this customer,' which can cause the skill to activate for loosely related requests rather than explicit case-study tasks. This is not inherently malicious, but over-triggering can route user requests into the wrong workflow, producing irrelevant outputs or causing accidental use of customer-story formatting on content that was not intended for that purpose.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.