Ads Creative Scoring

Security checks across malware telemetry and agentic risk

Overview

This is a text-only advertising creative review skill with broad trigger wording but no hidden access, code execution, credential use, persistence, or account-changing behavior.

Safe to install as an advisory skill. Treat launch, spend, and policy-related recommendations as planning support, and verify platform policy and budget decisions before acting.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 93% confidence
Finding: The trigger section is broad enough to match many generic business, growth, and advertising requests, so the skill may activate when the user did not specifically want ad-creative scoring. Over-triggering can route conversations into an overly specialized workflow, causing unintended data exposure to the skill context, degraded task selection, and unsafe or irrelevant recommendations in adjacent domains.

VirusTotal

55/55 vendors flagged this skill as clean.

View on VirusTotal