Back to skill

Security audit

Email Outreach Templates

Security checks across malware telemetry and agentic risk

Overview

This is a small business outreach email template skill with broad activation wording but no evidence of hidden access, automatic sending, credential use, persistence, or destructive behavior.

Use this as a writing aid for sales or partnership outreach, not as an email-sending tool. Review generated messages for accuracy, personalization, consent, and marketing or anti-spam compliance, and invoke it explicitly when you want business outreach templates.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger conditions are very broad and map to common phrases like '邮件模板', '外展邮件', '首次联系', and '跟进邮件', which can cause the skill to activate for many ordinary business-writing requests without sufficient scoping. This is dangerous because it can unexpectedly override more appropriate skills or inject sales-email behavior into unrelated contexts, increasing the chance of misfires and unintended handling of user requests.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.