Security audit

Email Reply Assistant Skill

Security checks across malware telemetry and agentic risk

Overview

This is a simple email-writing guidance skill with no executable code, credential access, persistence, or hidden behavior.

Reasonable to install as a template helper for email replies. Avoid pasting passwords, one-time codes, private keys, or unnecessary personal information, and treat the PayPal donation link as optional and separate from using the skill.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The activation guidance is broad enough to match many generic communication or planning requests rather than a narrowly scoped email-reply task. In agent systems that auto-select skills from natural language, this can cause unintended invocation, routing user data or task context into the wrong skill and increasing the chance of inappropriate guidance or prompt-surface expansion.

Vague Triggers

Medium

Confidence: 93% confidence
Finding: The example prompt 'Help me outline a concise plan' is highly generic and could be triggered by everyday user requests unrelated to email replies. In systems that use example prompts or semantic matching for skill selection, this weakens skill isolation and may cause the agent to invoke this skill unexpectedly in unrelated contexts.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal