SZZG007 Product Analyzer

Security checks across malware telemetry and agentic risk

Overview

This is a product-analysis writing skill with minor activation and data-sharing transparency cautions, not evidence of harmful behavior.

Reasonable to install for product and competitor analysis. Avoid pasting confidential product plans, private supplier links, or sensitive customer context unless you are comfortable with external search/API use, and invoke it explicitly when you want this specialized analysis.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 93% confidence
Finding: The trigger phrases include broad, everyday requests such as product analysis and sales copy generation, which can cause the skill to activate in situations the user did not specifically intend. This increases the risk of unexpected behavior, accidental routing of user input into the skill, and inappropriate use of linked resources or downstream tooling.

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: The skill accepts product and competitor links and references Tavily API usage, but it does not clearly disclose that user-provided data may be sent to external services or retrieved over the network. This can expose confidential business information, competitor research targets, or customer context without informed user consent.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal