Back to skill

Security audit

GTM Meeting Prep

Security checks across malware telemetry and agentic risk

Overview

This sales account-research skill uses web search for public company and persona research; the privacy risk is real but disclosed and aligned with its purpose.

Install this for intentional sales account research on named companies. Avoid giving it confidential meeting notes, private attendee lists, or unnecessary personal details, and verify sources before using persona or pain-point claims in outreach.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill explicitly requires web search for attendee and account research, which can cause meeting metadata, company names, attendee identities, or other contextual details to be sent to external services without any privacy notice, minimization guidance, or consent check. In a sales-meeting context, this is especially sensitive because calendar invites and attendee lists often contain personal data and confidential business relationship information.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.