Back to skill

Security audit

UI Designer

Security checks across malware telemetry and agentic risk

Overview

This is a markdown-only UI design helper with broad activation wording but no code execution, credential access, persistence, or hidden data behavior.

This skill appears low risk for installation. Users should be aware that its broad natural-language triggers may make it activate during general UI work, and they should still review generated HTML/CSS and verify accessibility claims before production use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
85% confidence
Finding
The trigger description is broad enough to match many ordinary UI-related requests, which can cause this skill to be invoked outside its intended scope. Over-broad activation can route unrelated tasks into a design-oriented workflow, increasing the chance of incorrect behavior, prompt interference, or unintended access to referenced files and instructions.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.