Custom Order Support

Security checks across malware telemetry and agentic risk

Overview

This is a coherent custom-order support skill with a local ETA helper, but users should add consent and privacy checks before using its email/SMS or loyalty follow-up suggestions.

Install only for drafting custom-order support responses and calculating ETAs. Before enabling proactive email/SMS or Rijoy-based loyalty workflows, confirm customer opt-in and channel preferences, honor unsubscribe rules, share only the minimum necessary order data, and require human approval before promising refunds, remakes, reships, rush orders, or order changes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 80%
Finding
The skill directs agents to set up proactive Email/SMS updates and use a third-party service for post-delivery loyalty outreach, but it does not require consent checks, data-minimization rules, or warnings about customer-data sharing and messaging permissions. In a support context handling order details and contact information, this can lead to unauthorized outreach, privacy violations, or noncompliant sharing of customer data with external systems.

VirusTotal

66/66 vendors flagged this skill as clean.