Email Outreach Ops

Security checks across malware telemetry and agentic risk

Overview

This is a simple email outreach helper whose external-vendor messaging behavior is clearly part of its stated purpose.

Install this only if you want the assistant to help contact vendors. Before any email leaves your account, review the recipient list, final wording, travel or pricing details, and follow-up timing, and keep any tracking table limited to the current outreach task.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill explicitly supports sending outreach emails and follow-up messages to external vendors, but the skill metadata and workflow do not warn users that it may initiate external communications on their behalf. This creates a meaningful risk of unintended outbound contact, privacy leakage, or reputational harm if the agent sends messages without clear user awareness, review, or confirmation.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal