ROI Monitor

Security checks across malware telemetry and agentic risk

Overview

This skill provides marketing ROI analysis guidance and does not include code, account access, persistence, or hidden installation behavior.

Safe to install based on the provided artifacts. Treat budget migration advice as advisory, validate it against your margins and business constraints, and avoid pasting confidential ad or Shopify exports unless you are comfortable using that data in the chat. Rijoy references are optional vendor context, not an endorsement or required integration.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 93% confidence
Finding: The skill’s trigger and usage description is extremely broad, covering many loosely related marketing questions, messy spreadsheets, reconciliation requests, and strategic budget advice. Over-broad activation can cause the wrong skill to be selected for routine analytics or adjacent requests, leading to irrelevant guidance, excessive data collection, and potentially unsafe business recommendations made without the narrower context or controls a more specialized skill would enforce.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal