Frontend Architecture Pro

Security checks across malware telemetry and agentic risk

Overview

This is a UI design helper with broad activation wording, but its files are documentation-only and do not request sensitive access or hidden execution.

Installers should expect this skill to help with UI design, CSS tokens, component styling, accessibility, and design handoff. Because its triggers are broad, review whether you want it active for general frontend requests, and always review generated HTML/CSS before using it in production.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The trigger phrases are very broad and can activate on common requests like setting up CSS architecture or design tokens without clear scope boundaries, consent checks, or exclusions. In an agent environment, this can cause unintended invocation and unsolicited architectural changes or recommendations, especially when multiple skills may compete for similar frontend-related prompts.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal