Security audit

Creative Helper

Security checks across malware telemetry and agentic risk

Overview

This is a text-only helper for advertising creative ideas and analysis, with no code, account access, or hidden installation behavior.

Safe to install based on the provided artifacts. Treat campaign metrics, brand strategy, and unpublished creative plans as sensitive, and review generated ad claims for platform policy and legal compliance before use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence: 93%
Finding
The trigger keywords are broad enough to match many ordinary marketing conversations, which can cause the skill to activate outside its intended scope. Over-broad invocation is dangerous because it can override more appropriate skills, produce ad-specific advice when the user did not request it, and expand the attack surface for prompt-routing manipulation or unintended data handling.

VirusTotal

65/65 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.