Landing Page Conversion Audit

Security checks across malware telemetry and agentic risk

Overview

This is a marketing audit skill that may fetch a user-provided landing page URL, with no evidence of hidden code, credential use, persistence, or destructive behavior.

Install is reasonable for normal marketing and CRO review. Before using it, avoid submitting private draft pages, internal URLs, or confidential campaign copy unless you are comfortable with your agent fetching and analyzing that content.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill instructs the agent to fetch any user-provided URL with `web_fetch` without imposing scheme/domain restrictions, warning about external network access, or specifying safe handling of fetched content. This can enable SSRF-style behavior, internal resource access, or retrieval of attacker-controlled prompt content that may influence downstream analysis if the runtime does not enforce strict network and content isolation.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal