Back to skill

Security audit

Mobile Responsive Layout Fixer

Security checks across malware telemetry and agentic risk

Overview

This is a simple guidance skill for fixing responsive layout issues, with no executable code, persistence, credential access, or hidden data handling.

Installers should know this skill may be selected for broad frontend or layout requests. That is a usability/scoping concern, not a security block; review its output as responsive-design guidance and use explicit skill invocation when precision matters.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (8)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger sentences are generic and map to broad phrases like 'help me' or 'I need a practical workflow' combined with a common UI topic, which can cause unintended skill activation. In an agent ecosystem, overly broad activation increases the chance this skill intercepts unrelated frontend requests, leading to incorrect tool selection, prompt-routing confusion, or abuse by users intentionally phrasing requests to force this skill to run.

Vague Triggers

Medium
Confidence
87% confidence
Finding
The trigger phrases are very broad and can activate on generic requests about workflows, layout, or responsiveness without strong scoping. In an agent ecosystem, this can cause accidental invocation, prompt-routing mistakes, or unintended handling of user tasks, which increases the chance of inappropriate actions or disclosure through the wrong skill being selected.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The trigger keywords are broad, generic frontend terms such as 'layout' and 'frontend' that commonly appear in ordinary conversations. This can cause the skill to activate outside its intended scope, leading to inappropriate routing, prompt interference with other skills, or untrusted skill instructions being injected into unrelated user tasks.

Vague Triggers

Medium
Confidence
95% confidence
Finding
The example trigger phrases are highly templated and still broad enough to match general requests about responsiveness or layout without meaningful scoping. Ambiguous examples train activation behavior toward over-selection, which increases the chance this skill is invoked for unrelated frontend requests and exposes downstream handling to prompt-routing errors.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The trigger keywords are broad and overlap with many normal frontend discussions, which can cause this skill to activate in unrelated contexts. Over-broad activation increases the chance of inappropriate routing, making the agent apply this workflow when the user wanted something else, which can degrade reliability and potentially expose unrelated user context to an unnecessary skill.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The description uses broad, fuzzy activation conditions like 'when the user asks for creative-and-content, mobile responsive, responsive design, navbar, layout' without clear boundaries. Ambiguous activation criteria can cause the skill to be selected too often, leading to misrouting and unsafe over-application of instructions outside their intended scope.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The skill enables implicit invocation, but the manifest does not define narrow activation constraints or safety gating beyond a broad product-area description. This can cause the agent to auto-select the skill in loosely related conversations, increasing the chance of unintended prompt injection exposure, inappropriate tool use, or user actions being influenced without explicit consent.

Vague Triggers

Medium
Confidence
94% confidence
Finding
The trigger sentences are highly generic and mirror ordinary user requests such as asking for help or a practical workflow. This can cause the skill to activate in contexts far outside its intended scope, leading to unintended interception of unrelated prompts and potentially overriding safer or more relevant skills.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.