Back to skill

Security audit

Competitive Intelligence & Market Research

Security checks across malware telemetry and agentic risk

Overview

This appears to be a market-research guidance skill, with one overbroad activation setting but no evidence of malware, data theft, destructive behavior, or hidden high-impact access.

Install only if you want competitive-intelligence and market-research guidance available to your agent. Be aware that the reported always-on activation may cause the skill to be considered outside explicit market-research tasks, so users who prefer tighter routing should disable or edit that setting.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

High
Confidence
96% confidence
Finding
The manifest sets `always: true`, which causes this skill to be considered in every interaction rather than only when the user explicitly requests competitive-intelligence help. Over-broad activation increases the chance the skill's guidance influences unrelated tasks, expands attack surface, and can create prompt-injection or policy-conflict risks if the skill content is ever unsafe or simply context-inappropriate.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.