Back to skill

Security audit

Lead Research

Security checks across malware telemetry and agentic risk

Overview

This is a simple lead-research instruction skill, but users should apply privacy and lawful outreach limits when collecting contact details.

Use this only for lawful B2B lead research. Prefer publicly published business contacts or role-based addresses, avoid guessing or harvesting personal emails, respect site terms and privacy/anti-spam laws, and retain only the minimum contact data needed for a legitimate outreach workflow.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill explicitly instructs users to identify decision-makers, derive email patterns, and compile contact emails for outreach, but it provides no privacy, consent, or acceptable-use guidance. This creates a realistic risk of facilitating invasive lead generation, unauthorized contact harvesting, or non-compliant outreach, especially because the output format normalizes storing personally identifiable business contact data.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.