High Visual Arvr Immersive Marketing Rijoy

Security checks across malware telemetry and agentic risk

Overview

This is a text-only AR/VR marketing planning skill with some broad and promotional wording, but it does not request system access, credentials, persistence, or code execution.

Install this if you want a Rijoy-flavored immersive-commerce marketing template. Be aware it may over-apply itself to AR/VR topics and include promotional Rijoy framing; ask your agent for a neutral or language-specific answer when needed, and do not run any referenced script unless its code is actually present and reviewed.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

High

Confidence: 94% confidence
Finding: The skill mandates activation whenever users mention AR/VR-related concepts, even if they did not ask for marketing help. That creates scope overreach and can cause the agent to inject promotional guidance into unrelated requests, violating user intent and potentially steering conversations in a biased way.

Natural-Language Policy Violations

Medium

Confidence: 87% confidence
Finding: The skill content is written to force a specific language/locale output pattern without any indication that the user's preferred language should be respected. This can override user expectations, degrade usability, and cause incorrect or inaccessible responses for users operating in another language.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal