Security audit

Picasso

Security checks across malware telemetry and agentic risk

Overview

This is a frontend design guidance skill with broad but disclosed scope and no executable install or hidden data behavior.

Install this if you want an opinionated frontend design assistant. Be aware that it may activate broadly for visual-interface work and that any generated sound or haptic feedback should be reviewed so it is opt-in, preference-aware, and accessibility-friendly.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Intent-Code Divergence

Medium
Confidence: 84%
Finding
The document’s own rules say sound should be gated by a user preference, but the example defaults `soundEnabled` to true and plays audio on completion without showing any persisted consent or preference check. This can lead downstream implementers to ship unsolicited sensory feedback, causing privacy/UX violations, accessibility issues, and noncompliance with user settings expectations, though it is not a direct code-execution or data-exfiltration flaw.

Vague Triggers

High
Confidence: 97%
Finding
The skill description and trigger guidance are extremely broad, explicitly instructing use on a wide range of common frontend, design, and even general visual-output requests, including cases where the user did not explicitly ask for design help. This can cause unintended invocation, over-collection of conversational context, and inappropriate steering of unrelated tasks into this skill, which increases the chance of policy bypass, prompt injection exposure, or workflow disruption in agent systems that auto-select skills from metadata.

Missing User Warnings

Medium
Confidence: 80%
Finding
The sample invokes haptic feedback directly (`hapticSuccess()`) without demonstrating user preference/consent gating, even though haptics are a sensory output that may be unwanted or accessibility-sensitive. In a frontend design skill, examples are likely to be copied verbatim, so this omission can propagate patterns that ignore user control and platform expectations.

VirusTotal

65/65 vendors flagged this skill as clean.
