Back to skill

Security audit

Phy Frontend Design

Security checks across malware telemetry and agentic risk

Overview

This is a text-only frontend design guide with no hidden code, sensitive access, or persistence behavior.

This skill appears safe to install as a frontend design helper. Expect it to push generated UI toward bold, distinctive aesthetics; review any generated code before production use, especially if it introduces third-party fonts, assets, libraries, animations, or larger design changes than you intended.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
84% confidence
Finding
The skill description is broad enough to activate on very generic requests to 'style' or 'beautify' almost any web UI, which can cause the agent to invoke this skill outside a narrowly intended scope. Over-broad routing increases the chance of inappropriate tool selection, prompt-shadowing of more suitable skills, and unnecessary code generation in contexts where only limited guidance was requested.

VirusTotal

No VirusTotal findings

View on VirusTotal

Static analysis

No suspicious patterns detected.