Back to skill

Security audit

X Design

Security checks across malware telemetry and agentic risk

Overview

This skill is a broad HTML design workflow assistant; its file creation, web lookups, asset fetching, and small browser-state persistence are disclosed and fit that purpose.

Before installing, expect this skill to be invoked broadly for visual-design work and to create HTML/design files. For branded projects it may search the web and fetch logos or product assets, so avoid handing it private brand materials, proprietary repositories, or sensitive screenshots unless you are comfortable with those being processed for the design task.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Rogue AgentSelf-Modification, Session Persistence
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (14)

Vague Triggers

High
Confidence
95% confidence
Finding
The skill description uses highly expansive activation terms like 'WHENEVER the user wants to create, design, draft, prototype, present, or animate any HTML-based visual' and 'Prefer it over ... generic code tools,' which can cause the agent to invoke this skill for loosely related requests. Over-broad routing increases the chance of context hijacking, unnecessary tool use, and misapplication of a large, instruction-heavy skill in situations where a narrower or safer skill should be used.

Vague Triggers

Medium
Confidence
88% confidence
Finding
Including generic trigger phrases such as 'review', 'polish', and 'review this page' can cause the skill to activate on broad editing or QA requests that may not actually require this design workflow. In an agent setting, vague triggers create routing ambiguity and can override more appropriate domain-specific review flows, especially because this skill contains extensive cross-cutting instructions and mode switching behavior.

Natural-Language Policy Violations

Medium
Confidence
84% confidence
Finding
The instruction to tell the user '检测到结构化数据,跳过设计系统阶段,直接生成 [table/chart/dashboard]。' hard-codes a Chinese response path without checking the user's language preference. While not a direct security bug, forced language behavior can degrade transparency, confuse users, and interfere with safe confirmation flows if the user cannot understand the routing decision.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The README encourages invocation on very broad, ordinary-language requests such as 'make it look better' or 'design a presentation', which can cause the skill to trigger in situations beyond the user's actual intent. In an agent environment, overly broad routing increases the chance of misapplication, surprising tool use, and unintended processing of user content.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The README instructs agents to trigger this skill on very broad, common user phrases such as 'make it look better' or 'design a presentation'. In an agentic environment, overly permissive activation criteria can cause unintended tool invocation, leading the agent to gather inputs, generate files, or prioritize this skill when the user did not explicitly request visual design work.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The skill advertises very broad trigger phrases and explicitly tells agents to prefer it over generic tools for many loosely defined presentation/design requests. That can cause over-invocation and unsafe routing, where unrelated or insufficiently scoped user requests are funneled into a powerful generation workflow without proper confirmation or task boundaries.

Vague Triggers

Medium
Confidence
87% confidence
Finding
This eval includes a very broad request to '做一个 landing page 给我看看' with only light domain context, which can overlap with many ordinary design asks and encourage automatic invocation without sufficient gating. In a high-autonomy skill-routing system, ambiguous trigger phrasing increases the chance the skill is selected for requests better handled by narrower tools or by first-stage clarification, causing unintended file creation, brand-style assumptions, or overreach in scope.

Vague Triggers

Medium
Confidence
84% confidence
Finding
This presentation-related invocation is also phrased broadly enough that many normal requests for slides or technical summaries could match without explicit constraints. Because the skill metadata says to use the skill whenever the user wants to create or present HTML-based visuals, broad presentation prompts make over-triggering more likely and can suppress safer behavior such as clarifying audience, format, or whether a non-visual response would be more appropriate.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The routing rule uses broad review triggers like 'audit' and 'polish' without clear visual-design scoping, so unrelated user requests may be captured by this skill. In a system that prefers this skill aggressively, ambiguous routing can cause scope overreach, mis-handle non-design tasks, or bypass more appropriate domain-specific tools.

Vague Triggers

Medium
Confidence
84% confidence
Finding
Mode triggers include generic terms such as 'landing' and 'motion' that are common outside this skill's intended scope, increasing the chance of accidental activation. This can route users into the wrong generation path, especially because the skill metadata already encourages broad preferential use for many vague design requests.

Missing User Warnings

Low
Confidence
92% confidence
Finding
This protocol explicitly instructs the agent to search external sites, download brand assets, and write them into local project files, but it does not require notifying the user or obtaining confirmation before performing network access or file creation. In an agent setting, that can violate user expectations, create privacy/compliance issues, and cause unintended writes or external requests even when the user only asked for design help.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The trigger phrases in the routing guide are very broad, such as generic requests to 'make a deck' or 'technical sharing', which can overlap with ordinary conversation and cause the agent to invoke this skill when the user did not intend a visual-design workflow. In an agent environment, overbroad routing can lead to mis-execution, accidental processing of unrelated user content, and tool misuse, especially because the skill is described as something to prefer over other tools for many vague asks.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The trigger list for running a full review includes very broad phrases such as 'polish' and '帮我把关', which can match many ordinary design requests and cause the skill to enter a heavy review workflow without clear user intent. In an agent setting, ambiguous routing can lead to unnecessary file access, over-processing of unrelated HTML, or unintended modification of the most recently edited file when the user did not explicitly request an audit.

Session Persistence

Medium
Category
Rogue Agent
Content
localStorage.removeItem('tweak-state');
}

// Restore persisted state on load
(function restore() {
  const d = localStorage.getItem('tweak-density');
  const l = localStorage.getItem('tweak-layout');
Confidence
78% confidence
Finding
Restore persisted state

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.