Seo Listing

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only skill for writing e-commerce SEO listing copy, with no code execution, credentials, platform access, or persistence.

Before installing, expect this skill to produce persuasive product listing copy and SEO keywords. Review generated claims for accuracy, platform rules, trademarks, certifications, and the correct target market before publishing.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 84% confidence
Finding: The trigger list ends with a catch-all condition for 'any explicit expression' about generating or optimizing e-commerce listings, which is broad enough to activate on loosely related requests. Overbroad invocation can cause the skill to take over conversations unexpectedly, steering outputs into persuasive SEO copy when the user may have intended analysis, compliance review, or neutral editing instead.

Natural-Language Policy Violations

Medium

Confidence: 76% confidence
Finding: The skill description says it will convert input into copy that matches local/native language habits and high-conversion SEO norms, without stating that this should occur only when the user explicitly asks for localization or persuasive optimization. This can override user intent, introduce unrequested stylistic or market-specific transformations, and in some contexts increase policy, misrepresentation, or brand-consistency risk.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal