Paid Advertising

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only paid advertising guide with expected tracking and audience-targeting advice, but users should apply privacy and consent checks before using pixels or customer lists.

Before following the tracking or custom-audience steps, make sure you have proper consent or another valid legal basis, honor opt-outs, update privacy/cookie notices where required, minimize uploaded customer data, and verify the ad platform's terms and applicable privacy laws such as GDPR or CCPA. Do not give the skill or unknown parties ad-account credentials, payment details, API keys, or website admin access.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The skill instructs users to install tracking pixels and upload email/customer audiences without any mention of consent, lawful basis, privacy notice updates, or jurisdiction-specific compliance requirements. In context, this can lead users to deploy ad tracking and audience matching in ways that violate privacy laws, platform policies, or customer expectations, creating legal and data-handling risk.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal