Back to skill

Security audit

Email Writer

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only email writing helper with no executable behavior; its analytics examples deserve privacy awareness but do not show hidden data collection.

Safe to install as a writing/template assistant. Review any generated outreach before sending, avoid deceptive urgency or spam, and use any future analytics/tracking feature only with appropriate recipient consent and privacy disclosure.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
82% confidence
Finding
The skill advertises email performance tracking and analytics but does not describe privacy implications, data retention, consent requirements, or handling of potentially sensitive recipient metadata. In an email context, analytics can involve personal data such as open rates, identifiers, timestamps, and engagement patterns, which may create privacy, compliance, and trust risks if implemented without disclosure and safeguards.

VirusTotal

58/58 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.