Page CRO

Security checks across malware telemetry and agentic risk

Overview

This is a simple landing-page audit skill that tells the agent to fetch a page and provide conversion advice, without code, persistence, credentials, or mutation authority.

Install this if you want help reviewing landing or product pages for conversion issues. Be cautious with private or internal URLs, since the skill’s normal function is to fetch and analyze the page you provide.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 95% confidence
Finding: The trigger list includes very broad, natural-language phrases such as "audit this page" and "why isn't this converting," which are likely to appear in ordinary user conversation and can cause unintended invocation. In a skill that fetches and analyzes arbitrary URLs, accidental activation can lead to unexpected external requests, unintended processing of sensitive/internal pages, or execution in contexts where the user did not explicitly consent to a CRO audit.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal