Upwork Proposal Coach

Security checks across malware telemetry and agentic risk

Overview

This is a non-executable freelance proposal coaching skill, with minor scoping and compliance notes but no evidence of hidden access or harmful behavior.

Before installing, treat this as business coaching rather than guaranteed platform-policy advice. Verify Upwork or other marketplace rules before moving client relationships off-platform, buying connects, using paid features, or changing pricing based on the skill's advice.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The trigger list is broad enough to activate on generic freelance and client-acquisition conversations, not just explicit requests for proposal coaching. Over-broad activation can cause unintended routing of ordinary user prompts into this skill, increasing the chance of irrelevant advice, policy-bypassing guidance around platform behavior, or unsolicited coaching on off-platform migration and ranking manipulation topics.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal