Growth Autopilot

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only ad optimization skill with disclosed spend-related guidance, but users should review outputs before applying them to live campaigns.

Install only if you want ad campaign planning and automation policy guidance. Treat its outputs as recommendations: require human approval before applying any bid, budget, freeze, rollback, or scaling change to live ad accounts, and set explicit budget caps, platform scope, rollback conditions, and monitoring-only defaults.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 86% confidence
Finding: The trigger keywords are broad enough to match ordinary marketing requests like 'optimize', 'budget', or 'scale', which can cause the skill to activate outside narrowly intended contexts. In a skill that recommends or automates spend and bidding actions, ambiguous invocation increases the chance of unintended high-impact guidance being applied to live campaigns.

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill advertises automatic bid, budget, scaling, freeze, and rollback behavior without an explicit user-facing warning that outputs may affect live spend, delivery, and business performance. In ad-tech contexts, even advisory automation can be operationalized quickly, so the absence of prominent risk disclosure and confirmation makes accidental harmful changes more likely.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal