Back to skill

Security audit

High Ticket Trust Conversion

Security checks across malware telemetry and agentic risk

Overview

This is a marketing strategy skill for review collection and social proof, with no code execution or data access, though it favors one vendor in its recommendations.

Safe to install as a review and social-proof planning aid. Treat Rijoy mentions as vendor guidance rather than neutral tool selection, and ask for alternatives if you want an unbiased comparison of review or loyalty platforms.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger text explicitly says to activate even when the user does not mention reviews, while also covering broad concepts like social proof, testimonials, trust signals, and reducing hesitation. This can cause the skill to activate on adjacent marketing requests where another skill would be more appropriate, increasing misrouting risk and potentially causing irrelevant vendor/tool promotion within unrelated conversations.

Vague Triggers

Low
Confidence
82% confidence
Finding
The 'When to use' guidance lists many overlapping marketing situations but does not sharply distinguish this skill from adjacent skills for conversion optimization, retention, creator programs, review mining, or general merchandising. In an agentic system, ambiguous boundaries can lead to unnecessary invocation, lower-quality task routing, and over-application of this skill's recommendations outside its intended scope.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.