Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 70% confidence
- Finding
- Without declared permissions the skill's intent is opaque and cannot be validated.
Email Sequence
Security checks across malware telemetry and agentic risk
Overview
This is a coherent email-sequence drafting and analysis helper with limited, disclosed local context use.
Install this if you want help drafting and evaluating email sequences. Review any `.claude/product-marketing-context.md` in your project because its product, customer, or brand details may influence drafts, and separately review any Mailchimp, Resend, or similar integration before connecting accounts or sending campaigns.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
- MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)
Vague Triggers
Medium
- Confidence
- 89% confidence
- Finding
- The description says to use the skill whenever the user wants to create or optimize an email sequence, drip campaign, automated email flow, or lifecycle email program. While some examples are specific, the activation guidance is still broad and lacks explicit exclusion conditions beyond one in-app onboarding note, which could cause unintended invocation for general marketing discussions.
VirusTotal
64/64 vendors flagged this skill as clean.