DESIGN.md UI Designer

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a broad design-workflow helper, and the available evidence does not show hidden, destructive, or data-stealing behavior.

Before installing, understand that this skill may activate for general design-related requests because its scope is broad. Use it when you want design or UI help, and review generated files before applying them to an existing project.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 95% confidence
Finding: The description says to use the skill for a very wide range of tasks and to trigger on generic phrases such as "landing page," "visual redesign," and "design tokens." Those phrases overlap with common UI discussions and the file does not provide exclusion conditions or negative examples, increasing the risk of unintended invocation.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal