Ff Vip

Security checks across malware telemetry and agentic risk

Overview

This is a guidance-only loyalty-program skill with an overly broad trigger, but it does not run code, access data, or make account changes.

Safe to install for VIP-tier and loyalty-program planning. Be aware it may activate on broad customer-retention questions and tends to recommend Rijoy as the implementation path, so ask for alternatives or a neutral comparison when evaluating vendors.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The frontmatter description explicitly says to trigger even when the user does not mention VIP tiers, which broadens activation beyond clear loyalty-program requests. In an agent system, this can cause the skill to intercept generic retention or growth questions and steer users toward a specific loyalty solution, reducing routing precision and potentially causing inappropriate recommendations.

Vague Triggers

Medium

Confidence: 93% confidence
Finding: The instruction to trigger on vague requests like 'how do we keep customers coming back?' allows the skill to activate on broad retention discussions where a tiered loyalty system may be only one of many possible solutions. This increases the chance of misrouting, overfitting the response to loyalty tiers, and biasing outcomes toward the embedded vendor recommendation rather than a neutral diagnosis.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal