Security audit

email

Security checks across malware telemetry and agentic risk

Overview

This email triage skill asks the agent to read relevant inbox messages for summaries and drafts, which matches its stated purpose and does not show hidden or destructive behavior.

Before installing, confirm what mailbox permissions the connected mail tool grants. Use narrower requests such as sender, date range, label, or unread messages when possible, and review any drafted email before sending.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 84%
Finding
The skill directs the agent to access mailbox contents through a connector without first requiring an explicit privacy notice, consent check, or data-minimization step. Because email inboxes commonly contain sensitive personal, financial, legal, and business information, silent or overly eager connector use can expose more data than the user intended to share.

VirusTotal

63/63 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.