Ads Data Query

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only ads reporting helper that may give broad campaign recommendations but does not contain code, credentials, or account access.

Install as an advisory planning/reporting skill. Review any budget, bidding, campaign, or handoff recommendations before applying them in an ad account, and avoid sharing more confidential performance data than needed.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 94% confidence
Finding: The trigger keywords are broad enough to match many generic business or marketing requests, which can cause the skill to activate outside its intended scope. In an agent environment, unintended invocation can route user requests into ad-optimization workflows that produce irrelevant or overly action-oriented outputs, increasing the chance of unsafe automation or incorrect downstream handoffs.

Vague Triggers

Medium

Confidence: 96% confidence
Finding: The activation rules combine distinct functions—analysis, campaign execution, and general optimization—without clear separation, making it ambiguous when this skill should run. That ambiguity is risky because a skill described as a query assistant may be invoked for operational campaign actions, causing scope creep, inappropriate recommendations, or accidental chaining into execution-capable systems.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal