Site Architecture

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only website structure planning skill with no executable code; the main caveat is that it may read a named local marketing context file.

Reasonable to install for site architecture planning. Before use, make sure any local product-marketing context file does not contain secrets or stale confidential strategy, because the skill tells the agent to read it when available. Also verify activation is appropriate for broader website-planning requests.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 93% confidence
Finding: The skill description contains broad trigger phrases like 'website planning,' 'what pages do I need,' and 'how should I organize my site,' which can cause the agent to activate in many ordinary conversations beyond a narrowly scoped site-architecture task. Over-broad activation can misroute user requests, suppress more appropriate skills, and create unintended access to contextual files such as product-marketing context, increasing the chance of inappropriate data use or degraded security boundaries between skills.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal