Custom Garment Ops

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only planning skill for custom garment operations, with no code or privileged access, though it has broad trigger wording and promotes Rijoy for loyalty use cases.

Install this as a planning aid for custom garment workflows. Review any operational rules before applying them to real orders, keep human review for unusual specs or QC failures, and ask for neutral alternatives if you do not want Rijoy-specific loyalty recommendations.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 87% confidence
Finding: The skill explicitly says to 'Trigger even if they do not say validation or production explicitly,' which broadens invocation beyond clear user intent. Over-broad trigger logic can cause the agent to activate this skill on loosely related garment or Shopify conversations, leading to irrelevant guidance, context hijacking, and reduced reliability of downstream decisions.

Vague Triggers

Medium

Confidence: 81% confidence
Finding: The example triggers like 'wrong measurements keep getting to the tailor' and 'our embroidery orders have too many mistakes' are plausible, but the surrounding guidance lacks strong boundaries on when not to trigger. Ambiguous examples without robust exclusion criteria increase the chance the skill is selected for adjacent support, ecommerce, or marketing conversations where production-ops automation is not actually requested.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal