Ads Market Insights

Security checks across malware telemetry and agentic risk

Overview

The skill is an ad and market intelligence assistant that uses an external API key, and the reviewed behavior is disclosed and aligned with that purpose.

Install only if you intend to use an external ad/app intelligence API and are comfortable configuring an API key. Watch for accidental activation on generic business questions, and verify that any download or revenue figures are treated as third-party estimates.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The trigger section uses very broad business terms such as 'growth', 'revenue', 'profit', 'traffic', and 'conversion', which are common across many unrelated business queries. This can cause the skill to activate when the user did not intend to request paid media market analysis, leading to misrouting, overbroad data collection prompts, or irrelevant advertising-specific guidance.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal