Security audit

Yunlv Pod Templates

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed POD template and listing-copy helper; its external API/key use is purpose-aligned and no hidden automation or destructive behavior is evident.

Install if you want a POD template and listing-copy assistant and are comfortable providing a TRADEGPT_API_KEY. Avoid sending confidential shop strategy or personal data to the external API, and manually review generated designs, copyright risk, pricing, and platform compliance before using the output.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The trigger list is broad enough that ordinary POD-related requests may activate this skill even when the user did not ask for a template-pack workflow. Over-broad activation can cause inappropriate skill selection, leading to irrelevant outputs, accidental disclosure of connected capability metadata, or unnecessary invocation of the external API described in the skill.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal