Traction Channel Testing

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed local planning aid for marketing channel tests, with no hidden code or automatic account access found.

Use this skill only in a workspace where local marketing plans and results are appropriate to store. Prefer aggregated metrics, avoid customer-level identifiers or ad-account credentials, review generated files before sharing them, and make any paid ad buys or sponsorship purchases yourself.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The skill instructs the agent to create persistent files containing channel results, CAC/LTV data, customer quality, conversions, and potentially source-attribution details without any privacy minimization, retention, or handling guidance. In a real workspace, these artifacts can easily accumulate personal data, campaign identifiers, revenue-linked customer metrics, or other sensitive business information that may later be exposed, overshared, or stored longer than necessary.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal