Back to skill

Security audit

Text Message Ad

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed creative tool for making fictional text-message-style ads and its file, script, and rendering behavior fits that purpose.

Install only if you want agents to create fictional chat-style marketing ads. Review the generated copy for ad-platform disclosure requirements, avoid real people or fake testimonials, and ask for confirmation when the original request is just a generic ad rather than a text-message-style ad.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

High
Confidence
90% confidence
Finding
The activation text includes broad triggers like 'make an ad for my product' and 'another version for X,' which can cause this skill to activate for many generic marketing requests that do not specifically ask for text-message style ads. Over-broad invocation increases the chance the agent selects a workflow that fabricates simulated conversations by default, which can lead to deceptive marketing content or inappropriate tool execution in the wrong context.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.