Ads Asset Manager

Security checks across malware telemetry and agentic risk

Overview

This is an advisory ad creative planning skill with no code execution, credential access, persistence, or account-changing authority.

Safe to install as a planning helper. Review its recommendations before applying them in live ad accounts, especially where spend, policy compliance, tracking, or brand claims are involved; it may also trigger on broad marketing prompts where a more general strategy skill would fit better.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 94% confidence
Finding: The trigger section is broad enough to match many ordinary marketing or business conversations, not just requests that specifically need asset taxonomy or creative asset management. That increases unintended invocation risk, which can cause the wrong skill to take over a workflow, produce irrelevant ad-operations guidance, and interfere with safer or more appropriate routing logic.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal