Traffic Quality Audit

Security checks across malware telemetry and agentic risk

Overview

This is a text-only ad traffic audit skill with forceful budget-advice instructions, but it does not run code, access accounts, or change campaigns itself.

Install this only if you want a strongly opinionated traffic-quality audit workflow. Treat any pause, cap, exclusion, or reallocation recommendation as a hypothesis until you confirm the actual GA4/Meta data, attribution window, sample size, and business impact yourself.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

High

Confidence: 94% confidence
Finding: The trigger description is overly broad and explicitly activates on vague phrases like 'help me look at my ads,' which can cause the skill to run outside its intended scope. In an agent setting, broad trigger rules increase the chance of misrouting user requests and producing unsolicited budget-cutting or traffic-fraud conclusions based on insufficient context.

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The instruction to 'default to the pushy policy for borderline ads questions' creates an ambiguous trigger boundary and pressures the agent to apply a prescriptive workflow even when the request may be only loosely related. This can lead to overreach, low-quality advice, and forced recommendations such as hypothetical shutoffs without adequate evidence, which is risky in decision-support contexts.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal