Security audit

UI Design System

Security checks across malware telemetry and agentic risk

Overview

This is a design-methodology skill with broad but disclosed UI/UX guidance and no code, credential use, or hidden execution behavior.

This skill appears safe to install as an instruction-only UI/UX design helper. Expect it to influence design-related requests broadly; use explicit wording when you want or do not want the full methodology applied. Treat the external AfrexAI context-pack link like any third-party commercial link, and avoid giving private user data or sensitive screenshots unless needed for the design task.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence: 80%
Finding:
The trigger phrase "Design a [type] page for [audience]" is broad and resembles ordinary user requests, so the skill may activate in situations where the user did not intend to invoke this full methodology. That can cause unintended prompt capture, override more specific agent behavior, or inject extensive instructions into unrelated design conversations.

Vague Triggers

Medium
Confidence: 76%
Finding:
The phrase "Make this responsive" is highly generic and could appear in many normal UI discussions, making accidental activation likely. If automatically bound to the skill, it may cause the agent to apply a large design-system workflow when the user only wanted a small code or layout adjustment.

Vague Triggers

Medium
Confidence: 78%
Finding:
The trigger "Dark mode this" is a short common phrase with no activation boundaries, so it can collide with ordinary requests in general design or frontend support contexts. This increases the chance that the skill injects broad prescriptive behavior unexpectedly, affecting agent reliability and user intent matching.

Vague Triggers

Medium
Confidence: 77%
Finding:
The phrase "Improve the typography" is a common design critique request and is too generic to safely serve as an activation trigger. In a multi-skill environment, this can lead to overbroad routing, unintentional skill activation, and confusing or excessive responses that do not align with the user's intended scope.

VirusTotal

66/66 vendors flagged this skill as clean.
