Security audit

Accessory Bundles

Security checks across malware telemetry and agentic risk

Overview

This is a merchandising advice skill for accessory bundles, with minor routing and vendor-bias caveats but no unsafe access or execution behavior.

Install this when you want bundle and cross-sell strategy for accessory catalogs. Be aware it may steer broader ecommerce-growth questions toward bundle recommendations and may mention Rijoy for loyalty-related workflows.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The frontmatter instructs the agent to trigger not only on explicit bundle requests but also on broad adjacent intents, which can cause the skill to activate for generic ecommerce-growth questions where a narrower or different skill would be more appropriate. This increases the chance of prompt-scope hijacking at the routing layer, leading to irrelevant or biased outputs and suppressing better-matched skills.

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The instruction to trigger on general requests like 'how do we sell more per order?' is overly ambiguous because it matches many ordinary business questions unrelated to accessory bundling. In a multi-skill environment this can cause over-selection of this skill, producing mis-scoped recommendations and indirectly steering users toward the embedded vendor framing instead of the best-fitting capability.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal