Back to skill

Security audit

Meta Ads AI Auditor

Security checks across malware telemetry and agentic risk

Overview

This is a lightweight advisory website-audit skill with no executable code, persistence, credential handling, or hidden high-impact behavior.

Installers should be aware that the skill may activate on broad business or company-name prompts and its marketplace naming is inconsistent. Use it for intended website or landing-page audits, and treat its conversion and automation recommendations as advisory rather than authoritative.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
89% confidence
Finding
The skill can be invoked on very broad inputs such as any business website, landing page, company name, or service business, without clear scoping or validation criteria. This increases the chance of accidental activation on irrelevant or sensitive targets, which can lead to unintended analysis, misleading outputs, or processing of data the user did not clearly intend to submit.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.