Communication Playbook

Security checks across malware telemetry and agentic risk

Overview

This is a company communication guidance skill, not an executable tool, but users should be careful because it applies broad HeySalad-specific tone rules to sensitive messages.

Install this only if you want HeySalad’s communication style available broadly in your agent. Treat it as drafting guidance, not approval authority; have qualified humans review regulator, investor, legal, HR, compliance, financial, customer-commitment, or crisis communications before sending.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

High

Confidence: 95% confidence
Finding: The skill's trigger scope is exceptionally broad, effectively claiming almost any communication-related task. In an agentic system, this can cause over-invocation and unnecessary routing of user requests through a prescriptive playbook, increasing the chance of inappropriate tone shaping, policy bleed-over, or handling sensitive communications without sufficient task-specific safeguards.

Natural-Language Policy Violations

Medium

Confidence: 87% confidence
Finding: The skill mandates a specific company voice and communication posture without asking whether that style matches the user's intent, audience, or risk tolerance. This can override user autonomy and produce communications that are misaligned, especially in high-stakes contexts like regulators, investors, or cross-cultural audiences.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal