TrueProfit - Shopify net profit tracking

Security checks across malware telemetry and agentic risk

Overview

This is a coherent TrueProfit analytics guide, with the main caution that it can access sensitive shop data and should only be used in the intended TrueProfit context.

Use this skill only with the TrueProfit MCP server and the intended store. Confirm the shop and date range before analysis, avoid unnecessary customer-level lookups, and require explicit confirmation before any COGS update because it can affect all variants and historical profit calculations.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 86% confidence
Finding: The trigger conditions are broad enough to activate this skill for generic analytics terms like revenue, orders, or customers, which may cause the agent to route unrelated requests into this skill unnecessarily. In a tool-using agent, overbroad activation can expand the circumstances under which sensitive business data tools are invoked, increasing the chance of unintended data access or incorrect workflow execution.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal