Material Design Skill

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only Material Design 3 reference skill with no executable code, credential access, persistence, or hidden data handling.

Safe to install as a low-risk reference skill. Review copied code examples before production use, and consider narrowing automatic activation if generic UI or design prompts trigger it too often.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The trigger list includes broad phrases such as “设计系统” and “Android UI”, which can overlap with ordinary design or development conversations and cause unintended activation. This is not a code-execution issue, but it can route users into the wrong skill context, creating misleading responses or unwanted behavior selection.

Vague Triggers

Medium

Confidence: 95% confidence
Finding: The trigger list includes very broad and generic terms such as "Compose", "Typography", "按钮样式", and general UI/design phrases, which can cause the skill to activate for unrelated requests. Over-broad activation can route users into the wrong skill context, increasing the chance of misleading answers, prompt-surface expansion, and interference with more appropriate or safer skills.

VirusTotal

60/60 vendors flagged this skill as clean.

View on VirusTotal