analyze frontend structure

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only frontend project mapping helper that may reveal project structure, but its behavior is disclosed and no hidden code, credentials use, or destructive actions were found.

Install only if you want an agent to inspect a frontend project’s routing and component structure. Point it at the specific project folder, not a home directory or unrelated repository, and review the generated mapping before sharing it because it may include internal route names, component names, and file paths.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The activation guidance is broad enough that the skill could be invoked for generic frontend-structure questions, causing unnecessary directory scanning or unintended disclosure of project structure and file paths. In an agent setting, overbroad triggering increases the chance the skill runs on sensitive repositories without the user clearly intending a filesystem analysis task.

Missing User Warnings

Low

Confidence: 89% confidence
Finding: The skill does not clearly warn that it scans a provided directory and may enumerate internal file paths, routing layout, and module structure in its output. This can lead users to expose sensitive repository metadata or internal application topology unintentionally, especially when outputs are shared with other tools or users.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal