Back to skill

Security audit

B2b Saas Marketing Report

Security checks across malware telemetry and agentic risk

Overview

This is a text-only B2B SaaS marketing report template that asks for user-provided metrics but does not run code, access accounts, or persist data.

Safe to install as a reporting template. Before using it, avoid pasting customer PII, credentials, contract terms, or confidential identifiers; provide aggregated or anonymized marketing, pipeline, and revenue metrics unless the details are truly needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
92% confidence
Finding
The trigger phrases are broad enough to activate on many ordinary discussions about marketing analytics, which can cause the skill to engage when the user did not explicitly intend to invoke a report-building workflow. Over-broad activation increases the chance of unnecessary data solicitation and context switching, especially in business settings where users may then provide internal metrics or strategic information without realizing a specialized skill has taken over.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill explicitly asks users to paste or share whatever marketing data they have, but it provides no warning, minimization guidance, or redaction advice for sensitive business information. In practice, this can lead users to disclose confidential pipeline figures, revenue data, customer details, campaign performance, or other proprietary metrics that may exceed what is necessary for the task.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.