Ltv Loyalty Winback

Security checks across malware telemetry and agentic risk

Overview

This skill is an instruction-only loyalty win-back planner with no executable code or hidden access, though it may involve sensitive customer and campaign data.

Install is reasonable if you want help drafting loyalty churn and win-back plans. Share only the minimum customer data needed, avoid personal identifiers where possible, and manually review consent, unsubscribe handling, frequency caps, discount terms, and final campaign content before sending anything to customers.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 93% confidence
Finding: The skill description contains expansive trigger phrases such as 'our repeat rate is falling,' 'silent customers,' and broad loyalty/churn language that could match ordinary business conversations lacking enough retention-specific context. This can cause the agent to invoke the skill in unintended situations, leading to irrelevant segmentation, automated win-back recommendations, or inappropriate outreach logic being applied to the wrong user request.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal