Mit24 Value Proposition

Security checks across malware telemetry and agentic risk

Overview

This is a text-only business-planning skill; its request for potential-customer contact details needs privacy care but is disclosed and aligned with customer discovery.

Installers should treat generated prospect lists as personal or business contact data: use opt-in or lawfully obtained information, avoid scraping restricted sources, keep only what is necessary, and delete it when no longer needed.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill explicitly asks for a list of 10 potential customers' contact information, which encourages collection and processing of personal data without any guidance on consent, lawful basis, minimization, or safe handling. In a business-planning context, this can lead users to scrape, infer, or store third-party contact details in ways that violate privacy expectations or data protection requirements.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal