Communication Skill

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only communication drafting skill whose context use is disclosed and aligned with its purpose.

Install this only if you are comfortable with the agent using available communication history, connected sources, and user notes to improve drafts. Review any generated message yourself before sending, especially when sensitive personal or workplace context is involved.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 93% confidence
Finding: The trigger definition is extremely broad, covering nearly any communication-related request and potentially many ordinary conversations. This can cause the skill to activate outside its intended scope, leading to unnecessary access to conversation context, connected sources, or user notes and increasing the chance of oversharing or privacy-invasive synthesis.

VirusTotal

60/60 vendors flagged this skill as clean.

View on VirusTotal