Back to skill

Security audit

alexey-marketing-skills

Security checks across malware telemetry and agentic risk

Overview

This is mostly a text-only marketing playbook, but some modules imply publishing posts or changing ad campaigns and give privacy-sensitive tracking/scraping advice without enough user-control safeguards.

Install only if you want broad marketing playbooks and will keep the agent in advisory/draft mode for ads, analytics, email, and social posting. Before allowing connected-account actions, require explicit approval for every publish, schedule, campaign edit, targeting change, or budget change, and review privacy, consent, platform terms, and scraping rules for any tracking or data-collection tactic.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (15)

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
The skill explicitly instructs users to collect 500-1000+ posts and recommends third-party scraping and automation tools such as Apify and Phantom Buster. In a social-content skill, this expands from benign content strategy into operational guidance for bulk data extraction that may violate platform terms, privacy expectations, or enable account abuse at scale.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill explicitly recommends sending identifiers like user_id and account_id to analytics systems while only briefly noting 'Avoid PII in properties.' It does not clearly warn that analytics events are transmitted to third-party platforms, that identifiers can still be personal data under privacy law, or that consent and minimization are required before implementation, creating a real privacy/compliance risk.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The manifest description contains very broad trigger phrases such as general requests for competitor comparisons, alternative pages, and vs pages. In an agentic routing system, this can cause the skill to activate for loosely related user requests, leading to overbroad delegation, unintended prompt capture, and reduced reliability of downstream behavior even though the content itself is not overtly malicious.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The manifest description contains broad activation phrases such as 'edit this copy,' 'review my copy,' 'make this better,' and 'proofread,' which are common in ordinary user requests. If skill routing relies heavily on substring matching, this can cause over-triggering and unintended invocation of the skill in contexts where the user did not explicitly want this specialized workflow, potentially hijacking or biasing the assistant's behavior.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The manifest description contains very broad trigger phrases such as 'write copy for,' 'improve this copy,' and 'headline help,' which can overlap with many ordinary writing requests. This can cause the skill to be invoked outside its intended marketing-copy context, leading to misrouting, over-application of persuasive copywriting behavior, or accidental interception of requests better handled by other skills.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The trigger description is extremely broad, covering many common email-related phrases without strong scoping constraints. This can cause the agent to invoke the skill for generic email requests where lifecycle marketing automation is not appropriate, leading to misrouting, over-collection of context, or generation of unsolicited marketing tactics outside the user's intent.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill recommends behavior-based targeting, inactivity monitoring, usage tracking, and personalized outreach without any guardrails around consent, lawful basis, data minimization, or sensitive-data handling. In practice, this could lead downstream agents or users to design campaigns that violate privacy expectations or regulatory requirements, especially when using engagement or product-usage data for automated messaging.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The description includes many broad trigger phrases such as generic marketing terms and common tool categories, which can cause the skill to activate in contexts where the user did not specifically want this capability. Over-broad activation can lead to inappropriate routing, irrelevant guidance, and accidental overshadowing of more suitable skills, though it does not directly introduce code execution or data exfiltration risk in this file.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The manifest description includes very broad trigger phrases such as 'marketing ideas,' 'how to market,' and 'ways to promote,' which can cause the skill to activate for generic business-advice requests outside its intended scope. Over-broad routing increases the chance that this skill is selected when a more specialized or policy-constrained skill would be safer or more appropriate, leading to misapplication and reduced control over agent behavior.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill recommends tactics like pixel sharing, retargeting, dynamic email capture, and click-to-messenger flows without any privacy, consent, or legal-compliance caveats. In practice, users may implement cross-company audience sharing or behavioral tracking in ways that violate privacy law, platform rules, or user expectations, making the advice operationally risky despite being framed as marketing guidance.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The manifest description uses very broad trigger terms such as 'psychology,' 'decision-making,' and 'consumer behavior,' which can cause this skill to activate for many unrelated user requests. Over-broad activation is dangerous because it can inappropriately steer conversations toward persuasion-oriented marketing advice when the user intended a different domain, increasing the chance of misrouting, irrelevant guidance, or manipulative framing being injected into otherwise harmless requests.

Missing User Warnings

High
Confidence
95% confidence
Finding
The skill explicitly frames the agent as having direct access to ad platform accounts and focuses on creating, optimizing, and scaling campaigns, but it provides no guardrails for spend-affecting or account-changing actions. In a system where the agent can actually execute actions, this could lead to unauthorized budget changes, campaign launches, targeting modifications, or policy-impacting edits without explicit user confirmation.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger description is overly broad and includes common phrases like "location pages," "comparison pages," and "integration pages" that can arise in many adjacent contexts, causing this skill to be selected when a more specialized or safer skill would be more appropriate. Overbroad invocation increases the chance of context confusion, lower-quality guidance, and unintended execution pathways in agent systems that auto-route based on description text.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger description is overly broad and can cause this skill to activate for generic discussions about signup, registration, or account creation without enough routing constraints. That can lead to inappropriate skill selection, reducing reliability and potentially causing the agent to provide conversion-optimization guidance when the user needed a different domain-specific or safer workflow.

Missing User Warnings

Medium
Confidence
85% confidence
Finding
The skill claims direct access to a scheduling platform that publishes to major social networks but does not require confirmation, preview, or user warning before potentially account-affecting actions. In an agent setting, this can lead to unintended posting, reputational harm, or misuse of connected brand accounts if the skill is invoked ambiguously or manipulated by prompt context.

VirusTotal

39/39 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.