Security audit

Ad Creative

Security checks across malware telemetry and agentic risk

Overview

This is mostly a legitimate ad-creative guide, but it needs review because it reaches into campaign-management commands and voice-cloning workflows without clear authorization and consent boundaries.

Review this skill before installing if your agent has access to ad-platform accounts, API keys, media-generation services, or voice-cloning tools. Use it for drafting and iterating creative, but require explicit approval before it creates or manages campaigns, spends ad budget, uploads assets, installs production tools, or clones any real person's voice.

SkillSpector

By NVIDIA

Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration

Findings (5)

Description-Behavior Mismatch

Medium
Confidence: 91%
Finding
The skill’s declared purpose is ad-copy generation, but this section expands into image/video generation workflows and scaled production guidance. That broadens the operational scope beyond copywriting and can cause an agent to invoke external media tooling or production workflows the user did not request, increasing the chance of unnecessary tool use and unintended side effects.

Description-Behavior Mismatch

Medium
Confidence: 93%
Finding
The tool integration section includes campaign-management operations such as campaign creation/listing even though the skill is scoped as ad-creative generation. In an agentic environment, documenting adjacent management actions can encourage over-privileged behavior, where the agent transitions from drafting copy to pulling account data or modifying campaigns without a tightly bounded purpose.

Context-Inappropriate Capability

Medium
Confidence: 89%
Finding
Code-based video rendering and external generative media tools are unnecessary for a skill whose primary function is ad-copy generation. Including these capabilities increases attack surface and encourages escalation into file generation, external service use, or automated media production that is not justified by the skill’s core task.

Vague Triggers

Medium
Confidence: 83%
Finding
The activation description is very broad and includes many common phrasings, which can cause this skill to trigger for loosely related marketing requests. Over-broad invocation criteria increase the risk of inappropriate skill selection, unnecessary context access, and execution of guidance outside the user’s actual intent.

Missing User Warnings

Medium
Confidence: 92%
Finding
This section explicitly recommends voice cloning for ad creative and brand spokesperson replication but provides no warning about consent, authorization, disclosure, or impersonation risks. In a marketing-focused skill, this omission can normalize deceptive or unauthorized cloning of real people’s voices, enabling fraud, brand impersonation, or misleading ads at scale.

VirusTotal

VirusTotal findings are pending for this skill version.

Static analysis

No suspicious patterns detected.