CRM

Security checks across malware telemetry and agentic risk

Overview

This is a simple CRM guidance skill with no executable code, account access, credential use, or automatic actions.

This skill appears safe to install as a CRM reference. When applying its advice in real CRM systems, users should still handle customer data carefully, confirm consent for outreach, provide unsubscribe options, and follow applicable privacy and access-control rules.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 84% confidence
Finding: The description '提供CRM管理的可落地指南与SOP。在开展CRM管理相关工作时调用。' is broad enough that an agent may invoke this skill for many routine CRM-adjacent tasks without strong scoping constraints. Overbroad activation can cause inappropriate routing, unnecessary exposure of customer-related workflows or data context, and increased chance of the agent following the wrong operational playbook.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal