find-products

Security checks across malware telemetry and agentic risk

Overview

This skill is a simple product-search helper, but users should know their search terms are sent to trend-hunt.com.

Install only if you are comfortable sending product-search terms to trend-hunt.com. Avoid confidential project names, customer data, private business plans, or strategic research queries when using it.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The trigger conditions are broad enough to match many generic recommendation or comparison requests, which can cause the skill to be invoked when the user did not specifically ask to search ProductHunt-derived data. That creates a privacy and routing risk because user queries may be unnecessarily sent to an external service and may bias answers toward this source.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill directs the agent to send search queries to a third-party API but does not warn that user prompts or derived search terms will be transmitted outside the host system. This can expose sensitive business, personal, or strategic queries to an external service without informed user awareness or consent.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal