churn-prevention

Security checks across malware telemetry and agentic risk

Overview

This appears to be a cancellation-flow guidance skill with one privacy-related caution, not evidence of hidden or malicious behavior.

Before installing, review the cancellation-reason field design: prefer predefined categories, make free text optional, warn staff not to enter sensitive details, restrict access, and define deletion or retention periods for customer-record notes.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The playbook explicitly recommends storing cancellation reasons on the customer record, which introduces collection and retention of potentially sensitive behavioral or free-text personal data without any guidance on notice, minimization, retention limits, or access controls. In this skill context, the risk is more credible because the document is operational guidance likely to be implemented directly in production retention flows, making silent over-collection and privacy noncompliance more likely.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal