Back to skill

Security audit

expert-frontend-developer

Security checks across malware telemetry and agentic risk

Overview

This is a frontend-developer persona skill with broad activation phrases, but it does not request system access, credentials, network use, persistence, or hidden actions.

Safe to install as a frontend-development helper. Use explicit activation and deactivation commands where possible, and be aware that broad phrases may switch the assistant into this persona during normal frontend discussions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
92% confidence
Finding
The phrase 'or similar' creates ambiguous activation boundaries, so ordinary user requests that merely resemble activation language may unexpectedly switch the assistant into this persona. In a skill-loading system, unclear invocation criteria can cause unintended context changes and privilege-like behavior at the prompt layer, increasing the risk of prompt-trigger collisions and user confusion.

Vague Triggers

Medium
Confidence
90% confidence
Finding
Commands such as 'I need a frontend developer' and 'from now on you're a frontend developer' are natural conversational phrases that can appear in normal discussion, making accidental activation plausible. Because this skill loads a persistent expert persona, collision with everyday language can silently alter assistant behavior for the remainder of the session.

Vague Triggers

High
Confidence
96% confidence
Finding
The Chinese shortcuts '前端开发者', '前端', and 'FE' are highly ambiguous, especially '前端' and 'FE', which are common domain terms and abbreviations likely to appear in ordinary conversation. This makes unintended activation substantially more likely in multilingual contexts, and the terse triggers provide little assurance that the user intended to load a session-scoped persona.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.