Design Platform Search

Security checks across malware telemetry and agentic risk

Overview

This skill is a documentation-only workflow for public, login-free design searches and does not request credentials, persistence, or privileged access.

Reasonable to install for lightweight public inspiration searches. Keep usage to public pages, do not provide cookies or logged-in sessions, keep request volume modest, and override the English-tag default when the user's topic, locale, or language calls for non-English searches.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Natural-Language Policy Violations

Medium

Confidence: 92% confidence
Finding: The skill explicitly instructs agents to prefer English tags unless a platform clearly supports another language, which hard-codes a language bias without requiring user preference or task-specific justification. In a search skill, this can systematically exclude relevant non-English content, skew retrieval quality, and produce discriminatory or incomplete results for users working in other languages or regions.

Natural-Language Policy Violations

Medium

Confidence: 90% confidence
Finding: Stating that the platforms are 'effectively English-first in most reusable workflows' reinforces the same fixed language policy at the guardrail level, making biased behavior more likely to persist across uses. In context, this can normalize unnecessary exclusion of non-English searches and degrade coverage for international or multilingual design research.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal