Security audit

竞品周报生成 (Competitor Weekly Report Generation)

Security checks across malware telemetry and agentic risk

Overview

This is a prompt-only reporting skill that turns user-provided competitor social-media exports into a FridayParts weekly analysis, with no hidden execution or external access.

Install this if you want a FridayParts-specific weekly competitor social-media reporting prompt. Use it with the intended Socialinsider CSV and Agent-Reach YouTube JSON inputs, and avoid pasting confidential exports unless you are comfortable processing them in your agent environment.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium (91% confidence)

Finding: The trigger phrase “竞品数据” (“competitor data”) is broad enough to match many unrelated competitor-data requests, causing the skill to activate outside its intended weekly-report workflow. This can lead to unintended routing, over-collection or mishandling of user-provided business data, and output generation in the wrong context.

Vague Triggers

Medium (88% confidence)

Finding: The trigger phrase “竞对分析” (“competitor analysis”) is ambiguous and may invoke this skill for general competitor analysis requests that do not involve the defined CSV/JSON inputs or weekly reporting task. In a data-handling workflow, such overbroad activation increases the risk of misrouting sensitive competitive information and producing misleading analyses based on incomplete or mismatched inputs.

Vague Triggers

Medium (89% confidence)

Finding: The trigger phrase “竞品数据” (“competitor data”) is generic enough to match many unrelated competitor-data requests, which can cause this skill to activate outside its intended weekly-report workflow. Over-broad invocation increases the chance of prompt/context hijacking at the routing layer, misapplication of the skill to unintended data, and accidental disclosure or mixing of sensitive business analysis context.

VirusTotal

43/43 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.