Digital Marketing

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent digital marketing roadmap API guide, but users should treat the career assessment and identifier fields as personal data before sending them to the provider.

Install only if you are comfortable sending career history, skills, goals, session IDs, timestamps, and any user ID to the API provider. Avoid including sensitive personal or employment information unless you have verified the provider, endpoint, TLS, and privacy or retention terms.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The skill documentation explicitly shows collection of career assessment details, session identifiers, timestamps, and a user ID, but provides no privacy notice, retention policy, minimization guidance, or handling constraints. While the data is not highly sensitive on its own, it is still user profiling and identifier data that could enable tracking, correlation, or misuse if operators or downstream services handle it insecurely.

VirusTotal

61/61 vendors flagged this skill as clean.

View on VirusTotal