Back to skill

Security audit

Growth Hub

Security checks across malware telemetry and agentic risk

Overview

The available evidence shows a coherent business-orchestration skill with a possible overbroad trigger pattern, but no artifact-backed sign of hidden behavior, exfiltration, persistence, or unsafe install actions.

Safe to install if you want a broad growth or business orchestration helper. Be aware it may activate on generic business requests; for any real ad spend, publishing, account changes, or business-data writes, ask the agent to show the planned action and require explicit confirmation first.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
95% confidence
Finding
The trigger keywords are broad business terms like "growth," "strategy," "report," and "dashboard," which are likely to appear in many unrelated requests. In a top-level orchestration skill, this increases the chance of unintended activation and misrouting, causing the skill to intercept requests meant for more specialized skills and potentially influence downstream decisions across multiple ad and growth systems.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.