Ads URL Parser

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only advertising planning skill that turns user-provided URLs into ad launch briefs and does not request execution, credentials, persistence, or account access.

Safe to install for drafting ad briefs from URLs. Before acting on its recommendations, verify the extracted page facts, keep paid campaign changes and budgets under explicit human control, and avoid using it for general business advice unless you actually want URL-based ad planning.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The trigger conditions are broad enough to match many generic business, marketing, and revenue-related requests, not just URL parsing and ads-brief generation. This can cause unintended invocation of the skill, leading the agent to collect URLs or generate advertising execution guidance in contexts where the user did not explicitly request this specialized behavior, increasing the risk of scope hijacking and incorrect automation.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal