Back to skill

Security audit

B2b Saas Paid Ads

Security checks across malware telemetry and agentic risk

Overview

This is a text-only paid advertising planning skill with no code, credentials, system access, or hidden behavior.

Safe to install from a security perspective based on the artifacts reviewed. Users should treat its budget and channel benchmarks as planning guidance and review recommendations before spending ad budget or launching real campaigns.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
92% confidence
Finding
The trigger list is broad enough to match many general marketing or growth conversations, which can cause the skill to activate when the user did not specifically ask for B2B SaaS paid ads planning. Over-broad activation is dangerous because it can route conversations into the wrong specialized workflow, producing irrelevant guidance, suppressing better-matched skills, or causing unintended handling of user requests.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.