Back to skill

Security audit

Engagement Analytics Skill

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only analytics skill whose privacy-sensitive tracking guidance is disclosed and aligned with its stated purpose, but users should apply consent, minimization, and credential controls before using the examples.

Safe to install as reference material, but do not deploy the sample tracking code verbatim. Add consent checks before collection, avoid sensitive form-field tracking, minimize or hash identifiers, document retention and deletion flows, use least-privilege provider credentials, and confirm that sending comments or profile data to third parties is allowed by your policies and applicable privacy laws.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Vague Triggers

Medium
Confidence
93% confidence
Finding
The trigger scope is extremely broad and includes generic phrases like "track user behavior," "measure engagement," and "how do I measure X," plus an instruction to "Always use this skill." This can cause the skill to activate in contexts where analytics guidance is not appropriate, increasing the chance of unnecessary data-collection advice, privacy-sensitive recommendations, or routing away from safer, more specialized skills.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The document extensively instructs collection of per-user email engagement, website behavior, attribution, and profile-level scoring, but it does not mention consent, lawful basis, notice, retention limits, or regional privacy requirements. In an analytics-tracking skill, this omission is material because implementers may deploy invasive tracking patterns such as anonymous backfill, cross-platform attribution, and engagement scoring without necessary user disclosures or opt-in controls.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The document provides ready-to-use SDK examples that set user IDs, user properties, attribution data, and behavioral events to third-party analytics services, while only mentioning privacy considerations later and without making consent gating a prerequisite in the implementation guidance. In a skill explicitly intended to be reused for tracking implementations, this omission can lead developers to deploy privacy-noncompliant analytics collection by default, especially in regulated jurisdictions or when tracking cross-device identity and attribution data.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The example sends raw social media comments to Anthropic for sentiment analysis, which is a third-party data transfer that may include personal data, sensitive opinions, usernames, or other user-generated content. In an analytics skill, this is risky because it normalizes exporting user content off-platform without disclosure, minimization, consent checks, or privacy controls.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The guidance explicitly recommends collecting session identifiers, hashed user identifiers, referrer/UTM data, landing pages, device characteristics, browser user agent, and OS on every page load, but provides no privacy gating, consent checks, retention limits, or minimization guidance. In an analytics skill, this is especially risky because users may implement it verbatim, resulting in undisclosed cross-session behavioral tracking and linkage to user accounts without considering legal or policy requirements.

Missing User Warnings

High
Confidence
98% confidence
Finding
The form abandonment example records detailed field interaction history (`last_field_touched`, `fields_touched`, `fields_count`) and transmits it on unload, which can reveal sensitive user behavior around login, health, financial, contact, or other regulated forms even if raw values are not captured. In the context of an engagement-tracking skill, this is more dangerous because it presents a ready-to-deploy implementation without guardrails to exclude sensitive forms/fields, obtain consent, or prevent accidental collection of regulated interaction metadata.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The section encourages persistent user-level profiling through properties such as LTV, engagement score, acquisition source, conversion status, cohort month, and feature usage score, but omits warnings about profiling, user expectations, access controls, and compliance obligations. This creates a real risk of over-collection and opaque behavioral profiling, particularly because the skill is explicitly designed to help implement engagement tracking at scale.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.