Back to skill

Security audit

Ads Execution Hub

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only advertising operations skill that provides campaign planning guidance and does not install code, access accounts, or run actions itself.

Safe to install as an ads planning assistant. Users should treat budget, bid, launch, scaling, and containment outputs as recommendations for an authorized operator to review before making live changes in ad platforms.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
93% confidence
Finding
The trigger list includes generic terms such as "campaign," "optimize," and "scale," which are common in many non-advertising conversations. This can cause the skill to activate outside its intended scope, leading to inappropriate ad-operations guidance, misrouting, or accidental invocation in unrelated contexts. Because this skill can influence spend and campaign actions across multiple ad platforms, unintended activation is more consequential than for a read-only or low-impact skill.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.