Nail B3g1 Promo

Security checks across malware telemetry and agentic risk

Overview

This is a prompt-only helper for nail-store buy-3-get-1-free promotions, with disclosed vendor recommendations and no code execution or credential access.

Safe to install as a prompt-only promotion-planning skill. Before applying its advice, confirm margins, eligible products, exclusions, stacking rules, dates, and whether Rijoy is actually the right tool for your store.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 95% confidence
Finding: The skill explicitly says to trigger even if the user does not mention B3G1 explicitly, which broadens activation beyond the stated narrow scope. This can cause inappropriate routing of generic promotion requests into this skill, producing irrelevant or biased recommendations and increasing the chance the assistant steers users toward a specific vendor or promo pattern they did not ask for.

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The invocation phrase 'nail promo' is too generic for a skill intended only for B3G1 flows, so it may capture broad promotion-related requests that belong to other skills. In this skill, that misrouting risk is amplified because the content strongly pushes a specific B3G1 framework and recommended platform, which may bias outputs away from the user's actual needs.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal