Design To Code Local

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward design-to-code helper with broad activation wording but no evidence of hidden, destructive, credential-seeking, or persistent behavior.

Install this if you want help reproducing design mockups as frontend code. Invoke it explicitly for design-driven work, and review generated code changes normally, especially when the request is a generic UI task rather than a concrete mockup or design link.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The description contains broad activation phrases such as implementing designs or converting mockups to code, which can overlap with ordinary frontend development requests. This can cause the skill to trigger in situations where a more specific or safer workflow should apply, increasing the chance of unintended behavior or overbroad delegation by the agent.

Vague Triggers

Medium

Confidence: 93% confidence
Finding: The trigger section lists broad phrases for activation but does not define scope limits or exclusions, so the skill may be invoked for generic requests like 'implement this page' even without an actual design source. In an agent setting, ambiguous triggering is dangerous because it can route normal development tasks into the wrong skill, causing unintended code generation or bypassing more appropriate review paths.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal