Back to skill

Security audit

cookie-policy-page-generator

Security checks across malware telemetry and agentic risk

Overview

This appears to be a low-risk cookie-policy guidance skill, with only a minor risk of being invoked for unrelated cookie requests.

Installers should understand this is guidance content, not legal advice. Consider narrowing the trigger wording so ordinary requests about browser cookies or recipes do not accidentally invoke it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
95% confidence
Finding
The trigger list includes the standalone term "cookies," which is broad enough to match many ordinary user requests unrelated to generating or optimizing a cookie policy page. This can cause unintended skill invocation, leading the agent to route users into legal/compliance content when they meant browser cookies, recipes, or other unrelated topics, reducing reliability and potentially exposing users to inappropriate guidance.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.