Super Personasiled Search

Security checks across malware telemetry and agentic risk

Overview

This is a coherent developer skill for a network analytics app, but users should know it sends contact details and notes to OpenAI when the AI features run.

Install only if you are comfortable running a developer app that stores network contact records in Redis and sends contact details, including free-form notes, to OpenAI for ranking and suggested actions. Avoid putting sensitive notes or confidential relationship data into the system unless you have an appropriate OpenAI/data-processing setup and consent from relevant users.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 89%
Finding
The code sends full connection records, including names, roles, companies, locations, tags, notes, and interaction history, to the OpenAI API for scoring. If users are not clearly informed and no data-minimization controls exist, this creates a privacy and data-governance risk because potentially sensitive professional contact data is disclosed to a third party.

Missing User Warnings

Medium
Confidence: 91%
Finding
The action-generation path transmits identifiable contact details and notes to OpenAI, again exposing third-party personal/professional data to an external service. This is especially risky because free-form notes may contain sensitive context, and the code shows no notice, consent, or filtering before export.

VirusTotal

67/67 vendors flagged this skill as clean.
