Security audit

Sales Pipeline Agent

Security checks across malware telemetry and agentic risk

Overview

This is a local sales pipeline helper that edits a disclosed JSON file on disk, with no evidence of hidden network access, credential use, or unrelated behavior.

Install only if you want a local sales pipeline tracker. Back up the pipeline.json file before using delete commands, avoid storing secrets or regulated customer data in deal notes, and verify deal IDs before updates or deletion because removed records are not recoverable by the tool.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Missing User Warnings

Medium
Confidence: 89%
Finding
The documented `delete_deal` capability says deals can be permanently removed, but the skill does not warn that deletion is irreversible or may cause data loss in the local JSON database. In a sales pipeline context, accidental or misunderstood deletion can destroy business records, forecasting inputs, and activity history without clear user awareness.

VirusTotal

65/65 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.