Frontend Design

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only frontend design skill with purpose-aligned file creation and a form example that users should review before publishing.

Review any generated contact or waitlist form before publishing, especially if it uses Formspree or another external endpoint. Also expect the skill to read local brand notes and create design files in your workspace.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: The skill explicitly recommends posting email addresses to a third-party Formspree endpoint without requiring user consent, disclosure, or validation of who controls that endpoint. In an agent setting, this can cause unintended exfiltration of user-entered personal data to an external service the user did not approve.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal