Prospect Researcher

Security checks across malware telemetry and agentic risk

Overview

This is a public-web B2B prospect research helper with no executable code, credential use, persistence, or hidden system access.

Use this skill only for legitimate B2B prospect research where you are comfortable sending company or lead names to your configured web search provider. Keep outputs limited to public, work-relevant information, avoid sensitive personal details, and verify cited sources before using outreach recommendations.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 83% confidence
Finding: The skill is framed broadly enough that it could activate for generic requests to 'research' a person, company, or lead without strong scoping constraints. In a prospecting context, that can lead to over-collection of personal/professional data, unintended profiling, or use in contexts beyond legitimate B2B qualification, especially because the workflow explicitly gathers contacts, recent activity, and inferred pain points.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal