Fullrun

Security checks across malware telemetry and agentic risk

Overview

This skill is coherent for Google Ads management, but it gives an agent high-impact authority to automatically change live advertising campaigns without a clear approval or preview step.

Review before installing. Use this only with a Google Ads account you are comfortable delegating to an external CLI, verify the npm package and publisher, prefer the least-privileged API key available, run diagnostic commands first, and require human approval before `fullrun run` changes campaigns, bids, keywords, or budgets.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill exposes a single command, `fullrun run`, that performs broad AI-driven optimization and can directly change live Google Ads campaigns, yet the skill does not require explicit user confirmation at the point of use or clearly frame it as a data-changing/destructive action. In an agent setting, this creates a real risk of unintended budget, bidding, keyword, or campaign-state changes from a loosely interpreted request or automatic workflow.

VirusTotal

59/59 vendors flagged this skill as clean.

View on VirusTotal