Back to skill

Security audit

FlashRev AI Enrich

Security checks across malware telemetry and agentic risk

Overview

The skill is a disclosed guide for using FlashRev's CSV enrichment CLI, with meaningful approval steps around paid contact unlocks, overwrites, and third-party egress.

Install only if you intend to let an agent enrich lead-list CSVs through FlashRev. Before live runs, confirm the source and output CSV paths, token or credit spend, requested contact fields, overwrite behavior, and any customer_api destination domain. Do not approve internal-target access or mapping secrets into request headers or bodies unless you deliberately need that behavior in a trusted environment.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Autonomous Decision Making

Medium
Category
Excessive Agency
Content
--capability enrich_email \
  --map first_name=first_name --map last_name=last_name --map company_name=company \
  --output verified_email=verified_business_email
# (preview shown, type 'y' to continue, or pass --yes to auto-confirm)

# 7. audit spend
flashrev-ai-enrich token-history --from 2026-05-01
Confidence
85% confidence
Finding
auto-confirm

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.