Ad Manager

Security checks across malware telemetry and agentic risk

Overview

This ad-management skill matches its advertised purpose, but it can launch or change paid campaigns from broad natural-language requests without a clear final confirmation step.

Install only if you are comfortable giving an agent advertising-management authority. Use the test agent first, connect real ad accounts only deliberately, and require a final human approval before creating campaigns, uploading creatives, changing status, or reallocating budget.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The example trigger phrase for creating ads is very broad and presented as a natural-language command without any invocation boundary, namespace, or confirmation step. This can cause accidental activation during ordinary conversation or when discussing ad planning, leading the agent to initiate campaign-management behavior unexpectedly in a business-sensitive context.

Vague Triggers

Medium

Confidence: 85% confidence
Finding: The analysis example is similarly ambiguous and can overlap with ordinary requests like asking for a summary of recent ad performance. In a skill that handles campaign optimization and reporting, ambiguous activation may expose sensitive marketing data or trigger automated analysis workflows when the user only intended general discussion.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal