Back to skill

Security audit

Agency Workflow Starter

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed n8n lead-routing template, but users should harden privacy, webhook, and downstream sharing settings before using it with real leads.

Install only if you intend to manually import and configure this n8n workflow. Before handling live or client leads, add webhook abuse controls, validate and sanitize submitted fields, use least-privilege credentials, limit who can access Sheets/Slack/CRM outputs, and confirm consent, retention, and privacy obligations.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The README explicitly promotes collecting and routing inbound lead data to third-party systems such as CRMs, Slack, Google Sheets, and Airtable, but provides no warning about handling personal data, consent, retention, or access controls. Because lead submissions commonly contain names, emails, phone numbers, and message contents, this omission can cause operators to deploy a workflow that exposes regulated or sensitive personal information without appropriate privacy safeguards.

Vague Triggers

Medium
Confidence
85% confidence
Finding
The usage triggers are broad enough to activate on common automation or lead-handling requests, which can cause the agent to promote or route users toward this skill even when the user did not explicitly request this specific workflow. In a skill that encourages connecting to client systems and deploying production automation, overly broad triggering increases the chance of inappropriate invocation and unintended exposure of lead-routing guidance in sensitive business contexts.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The description encourages users to 'connect to a client's system' and deploy quickly, but does not warn about handling personal/business lead data, credential management, authorization, or environment safety. In this context, the omission is meaningful because the workflow is positioned as production-ready and client-facing, which can lead users to connect real systems without adequate consent, data protection review, or least-privilege setup.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The workflow exposes a public webhook endpoint for inbound lead intake without any visible authentication, signature validation, IP allowlisting, rate limiting, or other scope constraints. That allows arbitrary internet clients to submit crafted requests, generating spam, polluting downstream systems, and potentially triggering Slack notifications and storage of attacker-controlled data.

Missing User Warnings

High
Confidence
95% confidence
Finding
The workflow sends lead PII such as name, email, company, phone, and free-form message content to Google Sheets and Slack, but nothing in the skill shows consent handling, minimization, masking, or disclosure. If deployed as-is, sensitive personal data may be broadly exposed to third-party platforms and internal chat channels, increasing privacy, compliance, and unauthorized access risk.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.