Security audit

AdMapix Raw Data Developer Helper

Security checks across malware telemetry and agentic risk

Overview

This appears to be a documentation/workflow skill for AdMapix-style raw data work, with no evidence of malware or hidden high-impact behavior.

Install only if you want an AdMapix/ad-tech raw-data workflow helper. Be aware it may activate for generic data, ETL, revenue, or ranking requests unless the publisher narrows its trigger wording; review outputs for domain fit before relying on them.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (6)

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The skill description is broad enough to match common data-related requests such as raw data, analytics, rankings, and workflow support, which increases the chance of unintended invocation. Over-broad activation can route unrelated user tasks into this skill, causing inappropriate guidance, context leakage between domains, or unsafe downstream automation if the skill is later expanded to perform actions.

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The keyword list includes generic terms like 'raw data', 'rankings', 'revenue', 'ETL', and 'data quality' without scope constraints, making accidental triggering likely across many unrelated workflows. In an agent environment, ambiguous triggers can misroute tasks, overexpose this skill's instructions, and create unpredictable behavior when multiple skills compete for activation.

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The skill description is broadly scoped around AdMapix-style raw data workflows, code, checklists, documentation, and review support, which can cause the agent to activate for loosely related requests. Overbroad activation increases the chance of unintended use in contexts outside the author's intended domain, leading to irrelevant or unsafe assistance paths and reducing routing reliability.

Vague Triggers

Medium

Confidence: 95% confidence
Finding: The trigger keywords include very generic terms such as "raw data," "revenue," and "ETL" without scope constraints or counterexamples. This makes accidental invocation likely for many unrelated data tasks, which can misroute user requests and cause the skill to provide domain-specific guidance where it does not apply.

Vague Triggers

High

Confidence: 95% confidence
Finding: The trigger sentence begins with a very broad everyday phrase ('Help me'), which can cause the skill to activate for many unrelated requests. In an agent-routing context, overbroad activation is dangerous because it can misroute user tasks, inject irrelevant workflow instructions into unrelated sessions, and reduce reliability of tool selection.

Vague Triggers

Medium

Confidence: 92% confidence
Finding: This trigger remains underspecified and overly generic, so the skill may match on commonplace requests without sufficient AdMapix or raw-data context. That creates an unsafe routing surface where users may receive incorrect or unintended specialized guidance, especially in multi-skill agent systems that depend on precise activation boundaries.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal