Back to skill

Security audit

alexey-marketing-growth-playbook

Security checks across malware telemetry and agentic risk

Overview

This is a mostly advisory marketing playbook, but it gives an agent under-scoped authority around ad accounts, social publishing, and large-scale third-party content collection.

Install only if you want a marketing-advice skill and keep it in draft/recommendation mode by default. Do not let it directly modify ad campaigns, change budgets, publish or schedule social posts, scrape third-party content, share remarketing audiences, or instrument user tracking unless a human reviews the exact action, account, budget, audience, consent basis, and platform-policy impact first.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The skill goes beyond normal social-content assistance by explicitly instructing collection of 500-1000+ posts from other users and recommending scraping tools such as Apify and Phantom Buster. That creates a meaningful data-harvesting capability that could violate platform terms, enable non-consensual mass collection of user content, and normalize operational misuse under the guise of marketing research.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.