Security audit

Marketing Skills

Security checks across malware telemetry and agentic risk

Overview

This is mostly a marketing documentation bundle, but it needs review because it claims direct ad and social publishing access and includes bulk scraping and targeting guidance without enough safeguards.

Install only if you want a broad marketing playbook skill and can supervise it closely. Treat it as advisory documentation, not an autonomous operator: do not let it post to social accounts, change ad campaigns, upload customer lists, deploy tracking, scrape platforms, or send behavior-based emails without explicit review, legal/privacy checks, and platform-policy confirmation.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (20)

Context-Inappropriate Capability

Medium

Confidence: 91% confidence
Finding: The skill explicitly recommends scraping 500-1000+ posts from other creators using automation tools such as Apify and Phantom Buster. That goes beyond normal social-content assistance and encourages bulk collection of third-party platform data, which can violate platform terms, enable unauthorized data harvesting, and create privacy/compliance risk.

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The manifest description contains broad trigger phrases such as "test this change" and "hypothesis," which can match ordinary user requests outside the narrow scope of A/B testing. This can cause the agent to invoke the skill in unintended contexts, leading to inappropriate guidance, workflow confusion, or context hijacking by routing benign conversations into experimentation-specific behavior.

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The trigger description is broad and includes many generic analytics-related phrases without strong exclusion criteria, which can cause the skill to activate in situations where the user did not actually ask for implementation guidance. Misrouting is risky here because the skill contains prescriptive tracking advice that could steer users toward unnecessary data collection or implementation details without first establishing appropriateness.

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The skill provides detailed tracking implementation guidance but does not present an upfront user-facing warning that analytics deployment can affect privacy, consent, and regulated data handling. Although privacy considerations appear later in the document, they are not framed as a mandatory gating step, so users may proceed directly to instrumentation patterns before assessing legal and data-minimization requirements.

Vague Triggers

Medium

Confidence: 93% confidence
Finding: The skill description contains a long list of generic trigger phrases such as 'vs page,' 'comparison page,' and competitor-related terms, which can cause the skill to activate on broad, ambiguous user requests. That increases the chance of unintended invocation, potentially steering unrelated conversations into competitive-content generation and creating unsafe or undesired agent behavior through overbroad routing.

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The skill encourages behavior-based targeting using signals like opens, clicks, engagement, inactivity, and profile attributes without any guardrails around consent, data minimization, lawful basis, or sensitive-category exclusions. In an email marketing context this can lead agents to design campaigns that profile users and act on behavioral data in ways that violate privacy expectations or regulatory requirements, especially when the data is more granular than users reasonably expect.

Missing User Warnings

Medium

Confidence: 86% confidence
Finding: The skill recommends recurring usage summaries and personalized reports derived from user activity, but does not warn that emailing detailed activity data can expose personal or business-sensitive information if sent to the wrong recipient, shared inbox, or compromised account. It also normalizes collecting and processing detailed usage telemetry without advising on minimization, access controls, or whether such reporting is appropriate for the product and audience.

Vague Triggers

Medium

Confidence: 95% confidence
Finding: The description includes many broad activation phrases such as generic references to calculators, generators, interactive tools, and lead-gen tools. This can cause the skill to be invoked in contexts where the user did not specifically request this marketing-planning behavior, leading to inappropriate routing, irrelevant advice, or accidental exposure of the skill in unrelated conversations. The content itself is not overtly malicious, but the trigger scope is wider than necessary.

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The description contains very broad trigger phrases such as 'marketing ideas,' 'how to market,' and 'ways to promote,' which can cause the skill to activate for many generic business or growth requests. Over-broad activation increases the chance the wrong skill is invoked and may steer users into aggressive or inappropriate tactics without sufficient context gathering.

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The skill recommends tactics like competitor targeting, pixel sharing, engagement pods, giveaways, parasite SEO, and data-driven growth ideas without any explicit warning to check platform rules, privacy obligations, ad policies, or legal constraints. In a marketing-advice context, users may directly operationalize these tactics, creating compliance, reputational, or account-enforcement risk for themselves or others.

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The manifest description contains very broad trigger phrases such as 'psychology,' 'persuasion,' and 'decision-making,' which are common in many benign conversations and can cause the skill to activate outside its intended scope. Over-broad activation increases the chance that users are routed into advice centered on influence and persuasion when they did not explicitly request it, expanding exposure to potentially manipulative guidance.

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: This section teaches multiple persuasion techniques that can be used to steer user behavior, including scarcity, anchoring, defaults, decoys, loss aversion, and request-escalation tactics, but offers only minimal ethical framing and no concrete safeguards around deception, consent, privacy, or vulnerable audiences. In context, this makes the skill more dangerous because it is an operational playbook for influencing consumer behavior, not merely a neutral academic discussion, so misuse could enable dark patterns or manipulative marketing practices.

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The skill description contains very broad trigger phrases such as generic requests to 'improve conversions' or 'why isn't this page working,' which can overlap with ordinary marketing discussion. This can cause the skill to be invoked in situations outside its intended scope, leading to misrouting, inappropriate guidance, or interference with more specialized skills, though it does not directly enable code execution or data exfiltration.

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The skill description includes very broad trigger phrases such as 'PPC,' 'paid media,' 'ad copy,' and 'audience targeting,' which can cause the skill to activate in many normal marketing discussions without a clear boundary. Overbroad activation increases the chance that the agent will enter a mode that assumes ad-platform expertise and operational authority in contexts where the user only wanted general discussion, raising the risk of unsafe or unauthorized guidance.

Missing User Warnings

Medium

Confidence: 97% confidence
Finding: The statement that the skill has 'direct access to ad platform accounts' implies authority to take account-impacting actions, yet the skill provides no requirement for explicit user confirmation, scoped permissions, preview mode, or safeguards before changes. In the context of paid ads, misuse could directly spend budget, modify targeting, launch campaigns, or alter tracking, causing financial loss and operational damage.

Vague Triggers

Medium

Confidence: 94% confidence
Finding: The manifest description contains numerous broad trigger phrases such as common marketing terms and generic concepts, which can cause the skill to be invoked in situations beyond true referral-program tasks. Over-broad routing increases the chance of unintended tool use, irrelevant guidance, or context capture in adjacent business discussions, making agent behavior less predictable and potentially exposing unrelated user data to this skill's logic.

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The trigger description uses broad phrases such as 'audit, review, or diagnose SEO issues' and several common SEO-related terms, which can cause the skill to activate in conversations that only loosely relate to SEO. This is not a code-execution flaw, but it can lead to unintended routing, causing the agent to provide SEO-audit behavior when another skill or a general response would have been more appropriate.

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The trigger description is broad and includes common phrases like signup conversions, registration friction, and account creation flow, which can cause this skill to activate during general product, UX, or growth discussions rather than only when the user explicitly wants signup-flow optimization. Over-broad routing can misapply specialized guidance, suppress a better-matched skill, and create unreliable or manipulable agent behavior.

Vague Triggers

Medium

Confidence: 80% confidence
Finding: The trigger description is very broad, covering common phrases like 'social media,' 'engagement,' and 'viral content.' Overly broad invocation can cause the skill to activate in unrelated contexts, increasing the chance that risky instructions in the skill are surfaced when not appropriate.

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The skill claims direct access to a scheduling platform that publishes to major social networks but does not require confirmation, preview, or user authorization before account-impacting actions. In an agentic environment, this can normalize autonomous posting behavior and increase the risk of unintended publication or brand damage.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal