Subscription Churn Lifecycle

Security checks across malware telemetry and agentic risk

Overview

This skill provides subscription-retention advice and simple local templates, with no evidence of credential access, background activity, exfiltration, or unsafe account actions.

Installers should expect business strategy advice, lifecycle copy, and optional local template output. Review any customer-facing billing, cancellation, dunning, or win-back recommendations for legal compliance, transparency, and brand fit before using them in production.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 82% confidence
Finding: The trigger description is very broad and includes generic subscription, billing, renewal, and LTV topics, which increases the chance this skill will activate for loosely related business questions. Over-invocation can route users away from a more appropriate skill, producing irrelevant advice and reducing reliability of downstream outputs.

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The file explicitly instructs activation even when the user does not mention churn or lifecycle, which weakens intent matching and can cause the skill to capture adjacent but out-of-scope requests. In practice this can degrade system behavior by crowding out better-matched skills and causing users to receive an unnecessarily heavy lifecycle framework for simpler or different needs.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal