Mobile Responsive Layout Fixer

Security checks across malware telemetry and agentic risk

Overview

This is a simple mobile responsive layout workflow skill; its activation terms are broad, but the artifacts do not show hidden code, credential access, persistence, or destructive behavior.

Install only if you want automatic help for mobile responsive UI fixes. Be aware it may trigger on broad mobile/responsive wording; prefer explicit invocation when using it, and consider narrowing triggers if you maintain the skill.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (9)

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The trigger sentence "Help me Mobile Responsive Fixes." is broad and generic enough that it could cause the skill to be invoked in situations where a user is merely discussing mobile responsiveness rather than explicitly requesting this workflow. That can lead to unintended routing or overshadow more appropriate skills, though the content here is not inherently privileged or dangerous.

Vague Triggers

Medium

Confidence: 93% confidence
Finding: The trigger phrase "Help me Mobile Responsive Fixes." is broad help-seeking language that can match ordinary user requests and cause the skill to activate outside narrowly intended scenarios. Overbroad activation increases the chance of unintended routing, hidden prompt influence, or the skill being applied when a different, safer, or more relevant workflow should handle the request.

Vague Triggers

Medium

Confidence: 94% confidence
Finding: The skill description includes broad terms like 'creative-and-content', 'mobile', 'responsive', 'fixes', 'labels', and generic 'implementation support', which can cause the skill to activate for many unrelated requests. Over-broad activation increases the chance that an agent routes users into this skill when it is not the best match, leading to incorrect assistance, prompt-scope confusion, or unintended disclosure of internal workflow guidance.

Vague Triggers

Medium

Confidence: 97% confidence
Finding: The trigger list contains vague, generic keywords such as 'mobile', 'responsive', 'fixes', 'labels', 'level', 'beginner', and 'type', any of which may appear in ordinary conversation unrelated to this skill. This makes accidental or excessive activation likely, which can disrupt task routing and cause the model to apply irrelevant instructions in contexts where they do not belong.

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The skill description is broad enough that common terms like mobile, responsive, or fixes could cause the agent to select this skill outside the narrowly intended requirement. Overbroad routing can misapply the skill, leading to irrelevant guidance, accidental workflow execution, or unintended influence over user requests that should have been handled by a different, more appropriate skill.

Vague Triggers

Medium

Confidence: 94% confidence
Finding: The trigger keyword list contains generic, high-frequency terms such as mobile, responsive, fixes, labels, level, beginner, and type, which substantially increases the chance of unintended activation. If exploited or simply encountered in normal conversation, this could cause prompt-routing confusion, override better-matched skills, and expand the skill's operational surface beyond its intended purpose.

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The default prompt/activation phrase is extremely broad and maps to common user intents like help, fixes, workflow, checklist, and implementation support. This can cause the skill to trigger in situations the user did not explicitly request, creating prompt-routing confusion and increasing the chance that unrelated or sensitive tasks are handled by this skill unexpectedly.

Vague Triggers

Medium

Confidence: 95% confidence
Finding: Enabling implicit invocation without strong activation constraints allows the agent framework to auto-route ordinary requests into this skill based on ambiguous language. That increases the attack surface for unintended tool/skill activation, prompt hijacking through overlapping phrasing, and user confusion about which behavior or instructions are being applied.

Vague Triggers

Medium

Confidence: 93% confidence
Finding: The trigger phrase "Help me Mobile Responsive Fixes." is broad and close to natural user wording, which increases the chance the skill activates unintentionally during ordinary conversation. In an agent-routing context, accidental activation can misroute requests, override a better-matched skill, or cause the system to act on irrelevant instructions, reducing reliability and potentially exposing downstream workflows to unintended inputs.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal