Design

Security checks across malware telemetry and agentic risk

Overview

This is a small design-preference memory skill that may save visual taste notes for future work, with no executable code, network access, or credential handling.

Install this if you want the assistant to remember and reuse your visual style preferences. Periodically review the saved Aesthetic, By Medium, Brands, and Never sections so mistaken or stale inferred preferences do not keep influencing future design work.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The skill description is extremely broad, covering UI, graphics, video, and 'any creative work,' which can cause the agent to activate on many ordinary user requests beyond a narrowly scoped design-preference task. Over-broad triggering increases the chance of unnecessary context collection and unintended preference persistence across unrelated tasks.

Vague Triggers

Medium

Confidence: 87% confidence
Finding: The instruction to 'observe and fill' empty sections is ambiguous about when observation is permitted and what user interactions justify writing preferences. This can lead to passive profiling from routine conversation or creative feedback without explicit consent, making silent accumulation of user preference data more likely.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal