Frontend Architecture

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only frontend architecture guidance skill with no executable code, data access, persistence, or hidden behavior.

Safe to install as frontend architecture guidance. Treat its generated ESLint, Vite, Next.js, monorepo, and ADR examples as templates to review before applying to a real project. The publisher should narrow the trigger wording if accidental activation becomes annoying and correct the mismatched capability tags.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 95% confidence
Finding: The skill is configured to trigger on very broad, everyday project-discussion phrases such as technology selection, project structure, coupling, and technical debt. This can cause unintended invocation in normal conversations, leading the agent to activate outside the user's actual intent and increasing the chance of irrelevant guidance or context hijacking by unrelated prompts.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal