Mapbox Style Patterns

Security checks across malware telemetry and agentic risk

Overview

This is a non-executable Mapbox styling guide, with a delivery-tracking example that needs privacy controls when adapted into a real app.

Reasonable to install for Mapbox style examples. If you use the delivery/logistics pattern, add informed consent, authenticated and role-limited access to live locations, minimized precision/update frequency where possible, short retention, and clear disclosure of who can view driver or customer locations.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 89%
Finding
The document promotes real-time tracking of drivers and customers, ETA display, route progress, and continuous GPS updates without any accompanying privacy, consent, retention, or access-control guidance. In a logistics context this can lead implementers to expose sensitive live location data, creating stalking, surveillance, and operational security risks for both workers and customers.

VirusTotal

65/65 vendors flagged this skill as clean.
