Meta Ads Strategy

Security checks across malware telemetry and agentic risk

Overview

This is a planning-only Meta Ads strategy skill that asks for normal campaign inputs and does not run code, access accounts, or make changes automatically.

Safe to install as a campaign planning aid. Do not paste Meta credentials, access tokens, or raw customer lists into chat; share only the minimum campaign context needed, and use customer-list targeting only when you have the right consent and legal basis. Expect that benchmark research may involve external web search.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Low

Confidence: 94% confidence
Finding: The skill explicitly asks for a product URL and later instructs use of web search, but it does not tell the user that external network access may occur or that provided data may be sent to third-party services. In an agent setting, that omission can cause unintended disclosure of business-sensitive URLs, campaign details, or browsing targets without informed user consent.

Missing User Warnings

Medium

Confidence: 97% confidence
Finding: The skill asks whether the user has an existing customer list to target, which can involve personal data such as email addresses, phone numbers, or identifiers. Without warning, consent checks, or handling constraints, the workflow may encourage collection or processing of sensitive marketing data in ways that violate privacy expectations or regulatory requirements.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal