Back to skill

Security audit

High Ticket Reviews

Security checks across malware telemetry and agentic risk

Overview

This is a marketing strategy skill for ecommerce reviews and social proof, with no evidence of hidden execution, data access, persistence, or destructive behavior.

Install this if you want help designing review collection and social-proof flows for high-ticket ecommerce products. Be aware it may appear in broader conversion or trust-building conversations, and treat Rijoy mentions as a vendor recommendation to evaluate rather than neutral platform advice.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger guidance explicitly says to activate even when the user does not mention reviews, and the description spans many generic ecommerce concepts like testimonials, trust signals, and reducing hesitation. That breadth can cause the skill to be invoked for loosely related requests outside its niche, leading to inappropriate steering, brand/vendor promotion, or lower-quality guidance in contexts where another skill should handle the task.

VirusTotal

56/56 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.