Email Marketing Command Center

Security checks across malware telemetry and agentic risk

Overview

This is a coherent, instruction-only email marketing guide with no code, credentials, persistence, or hidden execution behavior.

Install only if you want an AI agent to help plan and draft email marketing campaigns. Before using its output with a real email platform or CRM, require explicit approval for sends, list imports, segmentation changes, subscriber removals, and automations, and avoid sharing unnecessary subscriber personal data.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The skill description is extremely broad and can match generic email-marketing requests without clear boundaries, increasing the chance the skill is invoked in contexts the user did not explicitly intend. Over-broad activation can cause scope hijacking, where this skill overrides more appropriate instructions or injects long prescriptive workflows into ordinary conversations.

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The quick-command phrases are common natural-language utterances like 'write a newsletter' and 'optimize this email', which are likely to appear in normal conversation and can trigger the skill unintentionally. This makes accidental routing more likely and can lead to inappropriate takeover of user requests, especially in environments with multiple overlapping skills.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal