Back to skill

Security audit

Web Design Guidelines

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a UI review helper, but it delegates behavior to remote instructions that can change after installation.

Install only if you are comfortable with the skill fetching and following remote review guidance at runtime. Prefer a version that vendors its review criteria locally or treats external links as non-authoritative references.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (3)

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
The skill explicitly instructs the agent to fetch remote content at runtime and then treat that fetched content as authoritative rules and output instructions. This creates a supply-chain and prompt-injection risk: whoever controls or compromises the remote document can change the skill’s behavior, expand scope, or inject unsafe instructions without any local review or version pinning.

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
Although the manifest presents this as a local UI review skill, the actual review logic and even output formatting are delegated to externally fetched content. That mismatch hides dynamic behavior from users and reviewers, making the skill susceptible to remote instruction changes and reducing transparency about what the agent will actually do.

Vague Triggers

Medium
Confidence
86% confidence
Finding
The trigger phrases and scope are very broad, covering generic UI, UX, accessibility, CSS debugging, and dashboard work. Overbroad routing increases the chance this skill is selected in unrelated contexts, which is especially risky here because the skill then performs remote fetch-driven behavior and follows external instructions.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.