Back to skill

Security audit

B2b Saas Product Launch

Security checks across malware telemetry and agentic risk

Overview

This appears to be a launch-planning guidance skill with an over-broad activation concern, but no evidence of hidden access, persistence, credential use, or harmful behavior.

Install only if you want launch and go-to-market planning help. Be aware it may trigger on nearby product-planning or release discussions, so check that its advice is relevant before using it for non-launch work. VirusTotal was still pending and no artifact-backed negative signal was supplied.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
92% confidence
Finding
The trigger phrases and description are broad enough to activate on general product-planning or release-related conversations that are not actually launch-planning tasks. Over-broad routing can cause the wrong skill to take control, leading to irrelevant guidance, missed user intent, and potentially disclosure of launch-oriented messaging or coordination content in contexts where it is not appropriate.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.