销售助手(Sales Assistant)
Security checks across malware telemetry and agentic risk
Overview
This sales-assistant skill handles sensitive sales and customer information, but its files disclose that purpose and require permissions, masking, audit logs, and human confirmation for risky actions.
Install only for teams authorized to process the relevant customer, sales, meeting, transcript, contract, and CRM data. Configure Feishu/Hermes permissions, audit logs, archive retention, and human approvers before production use, and prefer masked or minimized inputs whenever possible.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
62/62 vendors flagged this skill as clean.