Back to skill

Security audit

Retargeting Funnel

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only retargeting playbook, but users should handle privacy consent and ad-platform data sharing carefully before implementing it.

Install only if you are comfortable with a marketing guide for behavioral retargeting. Before applying its steps, confirm your privacy notice, consent management, opt-out handling, data minimization, retention, and Meta/Google/TikTok platform-term obligations for all regions where your users live.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill explicitly instructs users to deploy pixel-based tracking, event validation, server-side forwarding, and audience segmentation for retargeting, but provides no guidance on obtaining consent, honoring opt-outs, minimizing data collection, or complying with privacy laws and platform policies. In a marketing skill whose core function is behavioral retargeting, that omission can directly lead users to implement non-compliant tracking and ad targeting practices.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The guide instructs implementers to send hashed customer data to Google Enhanced Conversions and frames it as performance optimization, but omits any requirement to obtain valid user consent, verify lawful basis, or handle the data in accordance with privacy obligations. Hashing does not remove the sensitivity of the transfer in this context, and implementers could deploy privacy-impacting tracking that exposes the business to regulatory, contractual, and trust risks.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
This document gives detailed instructions for deploying browser pixels, server-side APIs, catalog matching, and behavioral retargeting across multiple ad platforms without any upfront disclosure about privacy implications, consent gating, or user-data sharing. In the context of an ecommerce retargeting skill, that omission is more dangerous because the entire workflow operationalizes cross-platform tracking of browsing, cart, checkout, and purchase behavior, increasing the likelihood of non-compliant deployment at scale.

Missing User Warnings

Medium
Confidence
85% confidence
Finding
The checklist explicitly promotes broad client-side and server-side tracking, identity matching, and cross-platform event sharing, but provides no privacy, consent, data minimization, or legal compliance guardrails. In a marketing skill focused on retargeting, this omission can lead users to deploy invasive tracking without proper notice or opt-in, increasing the risk of privacy violations and regulatory noncompliance.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.