Landing Gen

Security checks across malware telemetry and agentic risk

Overview

This skill is an instruction-only landing-page generator whose file-writing behavior matches its stated purpose, with some normal caution needed around generated edits.

Install only if you are comfortable with a skill that can read local product docs and create or edit landing-page files. Review diffs before accepting changes, especially if src/pages/index.astro or an existing route already exists, and avoid sending confidential PRD details through optional web or MCP search.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill is explicitly authorized to use Write/Edit and instructs the agent to scaffold or write files into the workspace, but it does so without requiring a clear user-facing confirmation immediately before modification. This can lead to unintended workspace changes, overwriting existing landing pages or documentation, especially because stack detection may cause the agent to create real application files rather than content-only output.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal