Web Performance Engine

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent web performance auditing guide, with the main privacy caveat that target URLs may be sent to external performance or search services.

Use this skill freely for public website audits. For internal, unreleased, customer-specific, or sensitive URLs, avoid third-party checks unless you are comfortable with those URLs being sent to external services and retained in their logs.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Low

Confidence: 91% confidence
Finding: The skill explicitly instructs users to submit arbitrary target URLs to third-party services such as PageSpeed and search engines. This can disclose sensitive internal, pre-release, or customer-specific URLs to external providers and logs without any warning or consent mechanism.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal