Homepage Audit

Security checks across malware telemetry and agentic risk

Overview

This instruction-only skill gives a normal homepage conversion-audit checklist, with only minor privacy caution around sharing URLs for review.

Install is reasonable for reviewing public homepages and landing pages. Treat the author’s strategy-call link as advertising, and only provide URLs, screenshots, or page copy that you are comfortable having processed by the agent and any tools it uses.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Low

Confidence: 82% confidence
Finding: The skill asks users to provide a URL for web fetch without warning that submitting a URL may disclose private, internal, staging, or otherwise sensitive pages to external systems. In a security context, this can lead to unintended sharing of confidential URLs or content, especially when users do not realize the privacy implications of remote fetching.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal