Sem Performance Optimization

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Google Ads CSV analysis helper with dry-run safety boundaries and no artifact-backed malicious behavior.

Install only if you intend to use an agent for Google Ads search-term analysis. Keep OAuth tokens, service-account files, and account exports local; review any generated negative-keyword plan yourself before applying it in Google Ads.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 94% confidence
Finding: The manifest description contains very broad activation phrases such as 'SEM', 'Google Ads', 'PPC', 'CPC', and 'CPA', which are common terms that can appear in many ordinary marketing conversations. That can cause the skill to trigger outside its intended scope, leading the agent to steer users into this workflow prematurely and potentially override better-suited guidance or ask for unnecessary business data.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal