Back to skill

Security audit

Analytics Tracking

Security checks across malware telemetry and agentic risk

Overview

This is a text-only analytics setup guide; it appears coherent and safe to install, but its examples should be implemented with privacy and consent review.

Reasonable to install as an analytics implementation guide. Before applying its examples, review any local marketing context file it may read, avoid sending PII to analytics tools, use consent controls where required, test tags before publishing, and make sure an authorized account owner approves GA4, GTM, Facebook Pixel, or Google Ads changes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The reference includes examples that transmit persistent user identifiers and user properties to GA4/GTM without any guidance on consent, data minimization, or prohibitions on sending personal data. In an analytics implementation skill, users may copy these snippets directly, which increases the risk of privacy violations, noncompliant tracking, and accidental disclosure of identifiable information to third-party analytics systems.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.