Back to skill

Security audit

Prd Assistant Tob Saas

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent PRD-writing and review assistant for ToB SaaS work, with no evidence of hidden data collection, credential use, destructive actions, or unsafe persistence.

Before installing, be aware that this skill may read PRD documents, reference materials, and screenshot paths you provide so it can analyze and improve product requirements. Use it for ToB SaaS PRD workflows, avoid handing it unrelated sensitive documents, and review generated business, compliance, and competitor-analysis recommendations before acting on them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
86% confidence
Finding
The activation description is very broad and lacks explicit boundaries, so the skill may be invoked for loosely related product-planning requests outside its intended domain. Over-broad routing can cause unintended context capture, incorrect tool selection, or misuse of specialized guidance in situations where different safeguards should apply.

Vague Triggers

Medium
Confidence
91% confidence
Finding
Scene selection is driven by generic keywords like '优化', '评审', and '分析', which are common across many unrelated requests. Ambiguous keyword triggers can activate the skill in the wrong context, leading to inappropriate handling of user inputs, overreach into documents or screenshots not meant for this workflow, and reduced reliability of any downstream analysis.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.