Security audit

Specq Intel Sales

Security checks across malware telemetry and agentic risk

Overview

This sales skill is mostly purpose-aligned, but it automatically stores and reuses sensitive customer history with weak user controls and inconsistent anonymization.

Review this before installing if you handle confidential sales or customer data. Use it only where the MCP server and local memory store are trusted, avoid entering sensitive customer identifiers unless necessary, and confirm there is a way to inspect, delete, or disable stored memories.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Intent-Code Divergence

Severity: High
Confidence: 96%
Finding:
The skill sets a hard rule that generation must only use the SpecQ MCP and explicitly forbids fallback behavior, yet the workflow later instructs the agent to conduct its own online searches and pass those results into generation. This contradiction creates policy ambiguity that can lead agents to bypass intended trust boundaries, make uncontrolled external requests, and handle data in ways the user did not expect.

Intent-Code Divergence

Severity: High
Confidence: 98%
Finding:
The skill states that outputs must not contain real customer names and should be anonymized, but multiple examples and workflow steps instruct storage and display of named customer histories. This inconsistency can directly expose sensitive commercial relationship data in generated responses, logs, and memory stores.

Vague Triggers

Severity: Medium
Confidence: 82%
Finding:
The trigger conditions are broad enough to match ordinary sales conversation such as asking what was discussed before or saying a deal was won/lost. Over-broad activation can cause the skill to invoke memory recall, logging, or generation workflows unexpectedly, increasing the chance of unintended data access or persistence.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding:
The skill mandates automatic use of MCP services, memory operations, and in some modes network-backed search, but it does not present a clear user-facing notice about persistence, retention, or transmission before those actions occur. Users may therefore disclose customer-sensitive information without understanding it will be stored or sent to external services.

Ssd 3

Severity: Medium
Confidence: 93%
Finding:
The skill requires previous customer interaction details to be recalled and displayed at the start of each generated response. Front-loading historical notes increases the chance of unnecessary disclosure to the wrong viewer, into copied reports, or across loosely scoped sessions where prior context should not have been surfaced.

Ssd 3

Severity: Medium
Confidence: 92%
Finding:
The workflow mandates automatic recall, append-only retention, and reuse of customer 'dark data,' visit notes, and feedback across future generations. This design encourages broad accumulation of sensitive commercial intelligence and repeated re-exposure over time, increasing impact from prompt mistakes, access-control gaps, or cross-session leakage.

VirusTotal

62/62 vendors flagged this skill as clean.