landing-page-generator

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent landing-page code generator, with some normal code-generation risks users should review before deployment.

Review generated landing-page code before publishing it. Avoid feeding untrusted JSON or customer-supplied copy directly into generated TSX without escaping and URL validation, and do not run the referenced external brand voice analyzer unless you have inspected or trust it.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Context-Inappropriate Capability

Medium

Confidence: 94% confidence
Finding: The skill instructs the agent to run an external local script on user-supplied brand content, which expands the skill from pure text generation into code execution. That creates a larger attack surface: user-controlled input may be processed by an unreviewed script, and the skill implicitly assumes filesystem/tool access outside its stated purpose.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal