Prototype Generator

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed prototype generator that may scan and edit project files, with no evidence of hidden installs, credential use, persistence, or data exfiltration.

Use this skill in a version-controlled workspace. Tell the agent whether you want standalone HTML or integration with an existing mock UI framework, specify the target directory, and review the diff because it may add or edit prototype files such as menu.js, view_*.html, mock-ui.js, or optional SQL files.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The skill description and trigger guidance are broad enough to match many ordinary requests about creating prototypes or pages, which can cause unintended invocation outside the user's actual intent. In an agent system, overbroad activation increases the chance that the skill scans the project and generates or modifies files in contexts where a narrower tool or no tool should have been used.

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The activation conditions rely on loosely defined user intent like wanting a runnable prototype page or adding a list/admin page, without strong scope boundaries or disambiguation steps. This can lead to accidental activation on general development requests, causing unnecessary repository inspection and file generation that may disrupt workflows or produce unintended changes.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal