FaxAgent-Skill

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed FaxAgent.ai workflow helper, with sensitive fax and payment-link handling that fits its stated purpose when used carefully.

Install only if you intend to use FaxAgent.ai. Confirm the recipient, fax number, document, and any payment step before acting; keep tokenized upload, preview, payment, and status links private; inspect optional shell commands before running them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Intent-Code Divergence

Medium
Confidence: 86%
Finding
The payment section claims to be display-only and forbids auto-pay, but then permits constructing a 'convenience URL' from explicit payment metadata. That creates a pathway for the agent to actively transform payment inputs into actionable payment links, which weakens the stated human-in-the-loop boundary and can enable phishing, payment redirection, or unintended transaction initiation if the metadata is malicious or incorrect.

Vague Triggers

Medium
Confidence: 89%
Finding
Using a single-word activation trigger like 'fax' is overly broad and can cause accidental invocation in unrelated conversations. In agent environments, broad triggers increase the chance the skill activates on incidental text and starts collecting sensitive contact or payment-related data without clear user intent.

VirusTotal

60/60 vendors flagged this skill as clean.
