Landing Page Generator

Security checks across malware telemetry and agentic risk

Overview

This skill is a simple landing-page generator that writes static files to a clear output folder, with only a minor caution about declared shell access.

Safe to install for generating static landing pages. Expect it to create output/landing-page/index.html and output/landing-page/README.md in the workspace, and review any unexpected shell command before allowing it because Bash is declared even though normal use should only require reading a brief and writing files.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Low

Confidence: 94% confidence
Finding: The skill explicitly instructs the agent to save generated artifacts into `output/landing-page/`, but the skill description does not clearly warn users up front that invoking it will write files into the workspace. This can lead to unexpected filesystem modification, especially if a user assumes the skill only drafts content in-chat; while the write target is scoped and non-destructive, hidden side effects are still a real safety and transparency issue.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal