E-commerce After-sales Responder

Security checks across malware telemetry and agentic risk

Overview

This is a text-only Chinese e-commerce customer-service drafting skill with no code execution, credentials, persistence, or hidden data movement.

Install for Chinese-language e-commerce after-sales reply drafting. Use it only for actual support cases, verify order and logistics facts before sending, stay within approved refund or compensation limits, and avoid including unnecessary personal customer details.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The trigger condition is broad enough to activate on many generic customer-service conversations involving returns, shipping, compensation, or service wording, even when the user may not intend to invoke this specialized workflow. Over-broad activation can cause inappropriate context takeover, misrouting, or generation of policy-constrained replies in unrelated conversations, reducing reliability and potentially causing incorrect customer guidance.

Natural-Language Policy Violations

Medium

Confidence: 84% confidence
Finding: The skill content is entirely written to produce Chinese-language responses and does not provide a mechanism to respect the user's preferred language. If applied in a multilingual environment, this can override user expectations, impair comprehension, and lead to failed support interactions or inaccurate handling of after-sales issues.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal