Back to skill

Security audit

seo giffy

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed GA4/GTM automation skill with meaningful privacy and credential considerations, but the reviewed behavior is coherent and user-gated.

Install only if you are comfortable granting Google/GTM OAuth access, running browser-backed network workflows, and storing a refresh token in the artifact directory. Before deploying any user_id, account_id, payment, or transaction tracking, confirm consent/legal basis, avoid PII or secrets, minimize identifiers, and verify the exact GTM account, container, workspace, and publish step yourself.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger description is unusually broad and includes generic measurement-oriented phrases like 'how do I know if something is working,' which can cause the skill to activate for requests outside pure analytics implementation. Over-broad routing can misclassify user intent, leading the agent to provide irrelevant or lower-safety guidance instead of invoking a more appropriate specialized skill.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The eval explicitly rewards the skill for 'triggering on casual phrasing' without defining concrete boundaries for when the skill should activate. In an agent-routing context, vague trigger criteria can cause overbroad invocation, leading the analytics-tracking skill to activate on unrelated prompts that merely mention broken results, conversions, or measurement, which can misroute user requests and produce inappropriate actions or advice.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The reference recommends tracking identifiers like user_id and account_id alongside payment and transaction-related events, but provides no guidance on data minimization, consent, retention, or avoiding sensitive fields. In an analytics implementation skill, users may copy these examples directly into production telemetry, increasing the risk of privacy violations, over-collection, and accidental capture of regulated or sensitive financial data.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The examples explicitly show sending user_id and user properties such as user_type and plan_name to GA4/GTM without any warning about consent, privacy obligations, or restrictions on transmitting identifiable data. In an analytics implementation reference, readers may copy these snippets directly, which can lead to privacy violations, policy noncompliance, or accidental tracking of personal data without proper disclosure and legal basis.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The reference includes examples that push user-related identifiers and marketing/analytics event data into the data layer, but it does not pair those examples with clear guidance to avoid personal data collection, obtain consent where required, or minimize identifiers. In an analytics implementation skill, readers may copy these patterns directly into production, creating privacy-compliance and unnecessary data-exposure risk even if the examples are not overtly malicious.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.