Marketing Plan

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward marketing-plan skill that uses disclosed web research and local Word document generation, with ordinary privacy and file-write cautions.

Before using it, avoid putting confidential launch plans, private budgets, or unreleased product strategy into web searches. Review the generated Python and output filename so it does not overwrite an existing document, and verify the python-docx dependency source/version in your environment.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The skill advertises web research but does not warn that user-supplied business details may be sent to external search or browsing services. This can lead to unintended disclosure of confidential product plans, budgets, timelines, or strategy information during normal use, especially in enterprise contexts where those details are sensitive.

Missing User Warnings

Low

Confidence: 88% confidence
Finding: The skill states that it generates Word documents but does not warn users that local `.docx` files may be created or overwritten. This can cause accidental data loss, confusion about file locations, or unintended writes in shared or sensitive working directories if the output path is not clearly controlled.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal