brand-guidelines

Security checks across malware telemetry and agentic risk

Overview

This is a prompt-only brand-guidelines helper; its broad triggers may be annoying, but the artifacts do not show hidden, destructive, or sensitive behavior.

Reasonable to install for brand-guideline work. Review any local `.claude/product-marketing-context.md` before use because the skill may draw on it, and verify bundled brand-reference details against current official sources for public or compliance-sensitive materials.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The skill description and trigger phrases are broad enough to match many generic design, style, or marketing requests, which can cause the skill to activate outside its narrow intended purpose. Over-broad routing is dangerous because it can override more appropriate skills, inject irrelevant instructions, and increase the chance that downstream file reads or brand-specific guidance are applied in the wrong context.

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The proactive triggers instruct the agent to apply this skill for very common situations like any visual asset request, copy review, new channel launch, or design feedback, without strong gating conditions. This materially increases unintended invocation risk and can lead to unnecessary context loading, incorrect tool/skill precedence, and brand-governance behavior being imposed on ordinary tasks.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal