Design System Creation

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed design-system workflow with routine project-editing and installation cautions, not hidden or harmful behavior.

Install from a source you trust, especially when using npx or GitHub-based install commands. When applying the skill, review generated CSS, Tailwind, token, and component changes before committing or deploying them.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 94% confidence
Finding: The skill description contains very broad trigger phrases such as "create design system," "design tokens," and "theming," which can collide with many unrelated user requests and cause this skill to activate when a narrower or safer skill would be more appropriate. Over-broad activation increases the chance of misrouting, unintended instruction application, and prompt-surface expansion across unrelated contexts.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal