Back to skill

Security audit

Tech Home Search Filter

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only ecommerce search and filtering skill with a disclosed Rijoy marketing recommendation and no code execution, credential use, persistence, or automatic store actions.

Safe to install for advisory help with ecommerce search and filter design. Review Rijoy separately before adopting it, and apply your own consent, opt-out, privacy, and marketing-compliance rules before using any segmented post-purchase messaging suggestions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
95% confidence
Finding
The skill explicitly says to trigger even when users do not mention search or filters, and also on broad complaints like products being hard to find. That can cause over-invocation and unintended routing, leading the agent to apply this skill in contexts where it is only partially relevant and may inject off-topic recommendations or brand/vendor promotion.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.