Security audit

Design Tools Index

Security checks across malware telemetry and agentic risk

Overview

This skill is a static design-tool directory with external links and no code, credentials, persistence, or privileged behavior.

Install if you want a Chinese-language index of design tools. Be aware that some referenced files are not included in this package, and any external tool links should be evaluated separately before signing in, paying, or uploading design assets.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The description says to use this skill whenever a user needs to pick a tool for a design task, even if they do not name a specific tool. That activation scope is overly broad and can cause the agent to invoke this directory-style skill in many loosely related conversations, increasing the chance of irrelevant routing, unnecessary external-link suggestions, and interference with more appropriate skills.

Natural-Language Policy Violations

Medium

Confidence: 84% confidence
Finding: The skill content is written entirely in Chinese without indicating that output language should follow the user's preference or locale. In an agent setting, this can cause unwanted language switching, reduce usability, and make the skill behave unpredictably for users who did not request Chinese responses.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal