Back to skill

Security audit

B2B SaaS Positioning & Messaging

Security checks across malware telemetry and agentic risk

Overview

This is a simple marketing-positioning template that does not run code or request access to files, accounts, credentials, or external services.

This skill appears safe for positioning and messaging work. Users should still be careful about sharing confidential customer names, revenue details, competitive strategy, or private proof points unless they are comfortable including that information in the conversation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
89% confidence
Finding
The trigger phrases are broad enough to match common business-writing or strategy requests beyond strict positioning work, which can cause the agent to invoke this skill in situations where a narrower or more appropriate skill should handle the request. Over-broad routing increases the chance of scope confusion, irrelevant guidance, or accidental bypass of safer specialized workflows.

VirusTotal

44/44 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.