IFQ Design Skills

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate local HTML design skill, with privacy caveats around optional web-loaded assets and optional personal memory data.

Install only if you want an agent to create and edit local HTML design artifacts in your workspace. Treat generated previews as potentially making outbound requests for fonts or icons, and do not put sensitive personal data, private local paths, credentials, or customer material into the optional memory index unless you are comfortable with your agent using it in prompts and outputs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (31)

Context-Inappropriate Capability
Severity: Low · Confidence: 95%
Finding: The SVG imports Google Fonts via a remote @import, which causes network access when the asset is rendered and leaks viewer metadata such as IP address and user agent to a third party. In a local banner asset, this creates unnecessary external dependency and privacy risk even though it does not enable code execution by itself.

Context-Inappropriate Capability
Severity: Low · Confidence: 91%
Finding: This HTML showcase pulls third-party resources from Google Fonts and unpkg at render time. In a static design deliverable, that creates avoidable external network dependencies, which can leak viewer metadata such as IP address and user agent, reduce reproducibility offline, and introduce supply-chain risk if the remote asset changes or is compromised.

Context-Inappropriate Capability
Severity: Medium · Confidence: 93%
Finding: This showcase HTML loads executable third-party JavaScript from unpkg and remote font resources from Google, which introduces supply-chain and privacy risk into what should be a mostly self-contained HTML design deliverable. If the external script is tampered with or unavailable, the page can execute untrusted code or fail unpredictably, and visitors' metadata will be exposed to third parties.

Context-Inappropriate Capability
Severity: Low · Confidence: 95%
Finding: The file loads third-party resources from Google Fonts and unpkg even though it is a static showcase HTML deliverable. This creates unnecessary external dependencies and causes viewers' browsers to contact third-party services, expanding the attack surface through supply-chain risk and passive data disclosure such as IP address, user agent, and referrer.

Context-Inappropriate Capability
Severity: Low · Confidence: 88%
Finding: This static HTML showcase makes third-party network requests to Google Fonts and unpkg for runtime assets that are not strictly local to the design deliverable. In an agent-skill context, external dependencies create privacy, supply-chain, and reproducibility risk because opening the file leaks client metadata and trusts remote content that can change independently of the repository.

Context-Inappropriate Capability
Severity: Low · Confidence: 87%
Finding: This demo makes unsolicited external requests to Google Fonts, which leaks viewer metadata such as IP address, user agent, and request timing to a third party. In an HTML-first design skill, that is a real privacy and supply-chain concern even if the code is otherwise static and the fonts are described as optional.

Description-Behavior Mismatch
Severity: Low · Confidence: 92%
Finding: The file makes external requests to Google Fonts, which causes network egress and leaks viewer metadata such as IP address, user agent, and timing to a third party. In an HTML-first design demo this is not remote code execution, but it does violate expectations of a self-contained artifact and creates a privacy/supply-chain dependency.

Context-Inappropriate Capability
Severity: Low · Confidence: 92%
Finding: The demo makes third-party network requests to Google Fonts, which leaks viewer metadata such as IP address, user agent, and timing to an external service. For a local design deliverable, this external dependency is unnecessary from a security/privacy standpoint and increases supply-chain and tracking exposure, even though it does not enable direct code execution here.

Description-Behavior Mismatch
Severity: Medium · Confidence: 88%
Finding: The protocol expands the skill from HTML-first design assistance into active acquisition and even generation of third-party branded assets. That creates scope creep with licensing, provenance, and unauthorized external-content handling risks, especially because it directs the agent to proceed with searching/downloading by default rather than requiring explicit user approval.

Context-Inappropriate Capability
Severity: Medium · Confidence: 92%
Finding: The file explicitly instructs use of shell and network tooling such as curl, yt-dlp, ffmpeg, and grep to fetch and process remote content. In an agent environment, this increases the attack surface for unbounded network access, unexpected file writes, and retrieval of untrusted content beyond what is necessary for a design-only skill.

Context-Inappropriate Capability
Severity: Medium · Confidence: 92%
Finding: The script recursively packages the entire repository and only excludes a limited set of patterns, so unrelated local files present in the repo can be silently bundled and written to disk. In a skill intended for HTML-first design deliverables, that broad collection behavior increases the chance of accidental inclusion of sensitive material such as environment files, notes, references, or other non-deliverable assets if they are not explicitly excluded.

Vague Triggers
Severity: Medium · Confidence: 92%
Finding: The template states the skill will 'automatically read' a copied memory file containing personal data, but it does not define when that access occurs, what fields are in scope, or what user action authorizes it. In an agent skill context, ambiguous automatic access to memory-stored PII can lead to over-collection and unintended inclusion of sensitive data in prompts, outputs, or downstream tool calls.

Missing User Warnings
Severity: Medium · Confidence: 95%
Finding: The file instructs users to place real personal information in agent memory for later use, but only warns against distributing it with the skill and does not address other realistic privacy risks such as prompt leakage, logging, syncing, export, or transmission to external services. Because the template includes identity, contact, social, filesystem paths, and knowledge-base locations, misuse or accidental disclosure could expose sensitive personal and environment-specific data.

Missing User Warnings
Severity: Low · Confidence: 88%
Finding: The file loads external resources without any user-facing notice that opening the showcase will contact third-party services. While low severity, this can surprise users, violate privacy expectations in restricted environments, and make the artifact unsuitable for air-gapped or confidentiality-sensitive review workflows.

Missing User Warnings
Severity: Low · Confidence: 86%
Finding: Loading fonts and icons from third-party hosts causes client requests to be sent to external services, sharing IP address, user agent, referrer, and timing data without any user-facing notice. In a design-skill context this is not catastrophic, but it still creates avoidable privacy leakage and compliance concerns.

Missing User Warnings
Severity: Medium · Confidence: 92%
Finding: The page fetches fonts and a script from external providers without any disclosure that page visits will initiate requests to Google and unpkg. Even in a static design showcase, this can leak visitor metadata to third parties and may violate privacy expectations or internal review standards for offline or self-contained deliverables.

Missing User Warnings
Severity: Low · Confidence: 86%
Finding: The file makes third-party requests to Google Fonts and unpkg, which leaks visitor metadata such as IP address, user agent, and timing information to external providers whenever the page loads. This is not code execution by itself, but it creates a privacy and supply-chain exposure because page rendering depends on remote assets outside the author's control.

Missing User Warnings
Severity: Low · Confidence: 84%
Finding: The file performs external requests for fonts and a script without any user-facing notice, so users may unknowingly contact third parties when previewing a local design artifact. In a skill repository meant for design deliverables, this is a real transparency and privacy issue even if the content itself is non-malicious.

Vague Triggers
Severity: Medium · Confidence: 91%
Finding: The trigger list contains broad, common terms such as "dashboard," "landing," "ppt," and related generic design phrases, which can cause the skill to activate in situations beyond its intended scope. In an agent marketplace, overly broad routing increases the chance of misapplication, incorrect tool use, or accidental takeover of unrelated user requests, especially because this skill can write files and run workspace-scoped shell commands.

Missing User Warnings
Severity: Low · Confidence: 84%
Finding: The file contacts external Google Fonts endpoints without any user-facing disclosure, so users may unknowingly trigger third-party network access when opening a local-looking demo. While low severity, this creates a privacy/transparency issue that is more relevant in an offline-capable design deliverable context.

Missing User Warnings
Severity: Low · Confidence: 90%
Finding: This file makes third-party requests to Google Fonts, which leaks user metadata such as IP address, user agent, and timing information to an external service without any disclosure or consent mechanism visible in the file. While common in front-end demos, it is still a privacy and supply-chain exposure because rendering depends on a remote provider.

Missing User Warnings
Severity: Low · Confidence: 90%
Finding: The page makes unsolicited requests to Google Fonts, which disclose visitor metadata such as IP address, user agent, and timing information to a third party without any user-facing notice or consent flow. In a design-demo skill this does not enable code execution, but it is a real privacy and compliance issue because merely opening the file can trigger external network access.

Missing User Warnings
Severity: Low · Confidence: 89%
Finding: The document silently contacts third-party font services without any user-facing notice, so users may unknowingly trigger outbound requests when opening the demo. This is primarily a privacy and transparency issue, and in a design-skill context it is more concerning because the artifact appears otherwise self-contained.

Missing User Warnings
Severity: Low · Confidence: 89%
Finding: The page contacts Google Fonts without any visible notice, so users may unknowingly trigger third-party requests when opening a local design artifact. This creates an avoidable privacy issue and weakens transparency around external data disclosure, especially in a skill expected to produce local-first visual deliverables.

Natural-Language Policy Violations
Severity: Medium · Confidence: 89%
Finding: The file begins in Chinese and presents normative usage guidance without offering a language option or documenting that the skill is intentionally Chinese-only. In a general-purpose design skill, this can cause misunderstanding of implementation guidance, reduce operator visibility into downstream behavior, and create reliability or review gaps for users who do not read Chinese.

VirusTotal

64/64 vendors flagged this skill as clean.