Back to skill

Security audit

ui-designer

Security checks across malware telemetry and agentic risk

Overview

This is a prompt-only UI/front-end design helper that does not install code, request credentials, or access user data.

Install this if you want a Chinese-oriented UI/front-end design prompt. Review any generated Vue/Tailwind or other front-end code before using it in a real project.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
89% confidence
Finding
The skill contains very broad generation requests and mixes multiple objectives without clear activation boundaries, scope limits, or refusal conditions. In an agent setting, this can cause over-broad triggering, prompt confusion, or unintended execution of design/code-generation behavior on loosely related user inputs, increasing the chance of instruction hijacking or misuse.

Natural-Language Policy Violations

Medium
Confidence
81% confidence
Finding
The skill hard-requires Chinese instructions/output without documenting a justified locale constraint or offering a language option. While not directly a code-execution issue, this can reduce transparency, hinder review and monitoring in multilingual environments, and make misuse or unsafe behavior harder for operators to detect.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.