Back to skill

Security audit

FAQ Support

Security checks across malware telemetry and agentic risk

Overview

This is a writing workflow for turning user-provided support questions into product-page FAQ copy, with the main caution being customer privacy.

Before using this with real support tickets or chat logs, remove customer names, emails, addresses, order details, and other PII. Verify warranty, safety, certification, medical, or regulated product claims before publishing generated PDP copy.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
90% confidence
Finding
The trigger description is unusually broad and includes vague, everyday phrases like 'people ask the same things' and 'our FAQ is stale,' which can cause the skill to activate outside its intended scope. Over-broad invocation increases the chance of unintended routing, data over-collection from support sources, or applying this workflow when a narrower or safer skill would be more appropriate.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.