Visual

Security checks across malware telemetry and agentic risk

Overview

This is a simple instruction-only visual design skill, with some broad collaboration-related guidance but no code or system access.

This skill is reasonable to install as a design-guidance prompt. Treat its collaboration and sharing advice as general guidance, and review any real document permissions, sharing links, backups, or export settings yourself before applying them.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (2)

Description-Behavior Mismatch

Medium

Confidence: 92% confidence
Finding: The skill is declared as a visual design guidance skill, but most of the body describes collaboration controls, permissions, sync, storage, version history, and export behavior unrelated to that purpose. This kind of scope mismatch can cause incorrect routing or overbroad invocation, leading users to trust the skill for tasks outside its documented authority and potentially exposing them to mishandled sharing or data-management guidance.

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The example trigger phrases are very broad and generic, such as asking how to use the skill for a concrete task or asking about core features and promotions. Broad invocation patterns can collide with ordinary user requests, causing accidental activation or misrouting, especially because the phrases are not tightly anchored to specialized visual-design intent.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal