Back to skill

Security audit

Communication Skill

Security checks across malware telemetry and agentic risk

Overview

This is a text-only communication drafting skill that may use connected conversations and notes for context, but that behavior is disclosed and aligned with its purpose.

Install this only if you are comfortable with the agent considering available message history, related conversations, and user notes when helping draft communications. Review generated drafts carefully before sending, especially for sensitive personal, workplace, or high-stakes situations.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
95% confidence
Finding
The trigger conditions are extremely broad, covering virtually any request related to drafting messages, replies, tone analysis, or communication strategy. This can cause the skill to activate for ordinary conversations where the user did not intend deeper context synthesis, increasing the chance of unnecessary access to connected messages, notes, or historical relationship data and creating privacy and scope-creep risks.

VirusTotal

60/60 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.