Timeplus Design

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only UI design skill; the main practical caveat is that its examples recommend Google Fonts and optional npx commands.

Safe to install for UI styling work. Before copying the examples into a privacy-sensitive or internal product, consider self-hosting Inter or documenting the Google Fonts third-party request; only run the optional npx commands if you are comfortable executing that npm package in your environment.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Low

Confidence: 83% confidence
Finding: Loading fonts from fonts.googleapis.com causes client browsers to make third-party requests, which can disclose user IP address, user agent, referrer context, and timing metadata to Google. In a UI design skill that provides normative implementation guidance, this omission can propagate privacy-impacting defaults across downstream applications, especially in regulated or internal-console environments.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal