Back to skill

Security audit

Real Estate — Sphere-of-Influence Referral Ladder

Security checks across malware telemetry and agentic risk

Overview

This is a low-risk advisory skill for real estate referral nurturing, with no code execution or sensitive access.

Install this if you want planning help for nurturing an existing real-estate sphere or past-client database. If your environment relies on strict automatic skill routing, consider narrowing the activation wording so it does not trigger for generic sales, CRM, or marketing discussions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
89% confidence
Finding
The YAML activation description uses broad business-language triggers like 'wants repeat + referral business' and 'where's my next deal coming from', which are common phrases in ordinary sales or coaching conversations. In agentic systems that auto-select skills from natural language, this can cause unintended invocation and route the conversation into a prescriptive workflow the user did not explicitly request.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The markdown activation section is similarly underspecified: phrases like 'building repeat/referral pipeline' or 'a database sitting idle' are broad enough to match many adjacent business discussions. Because this skill is a domain front door that can activate from loosely related context, accidental invocation is more likely, especially in multi-skill environments where routing precision matters.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.