Back to skill

Security audit

Insurance Private Domain Ops

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only insurance CRM operations skill; it handles sensitive customer outreach concepts, but the behavior is disclosed and aligned with its stated purpose.

Install/use this as an advisory operations playbook, not as proof of legal compliance. Before using real customer data or sending messages, confirm lawful consent for each channel, honor opt-outs and suppression lists, minimize or mask identifiers, restrict access to authorized staff, and require human approval for customer-facing campaigns involving sensitive policy, claims, high-value, or complaint-related data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill describes AI-driven personalized outreach using policy information, lifecycle stage, labels, and customer behavior across channels, but the operational guidance does not consistently require consent checks, data minimization, access controls, or human review before using sensitive insurance/customer data for automated messaging. In an insurance context, this can lead to unlawful profiling, over-collection or misuse of personal information, and privacy-invasive outreach at scale, especially given the large customer base and the sensitivity of policy and claims-related data.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The reference document includes customer profiling dimensions and a SQL template that directly selects personal data fields such as name, phone, city, occupation, and family status, but provides no privacy constraints, minimization guidance, masking, or authorization requirements. In a customer-operations skill, this increases the likelihood that downstream agents or users will treat broad PII extraction and segmentation as normal workflow, which can lead to unnecessary exposure or misuse of sensitive customer data.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The SOP explicitly prescribes repeated outreach through enterprise chat and SMS based on inactivity windows, but it provides no guardrails for verifying customer consent, honoring opt-outs, or checking applicable privacy and anti-spam requirements. In a customer-operations skill for insurance private-domain marketing, this omission can lead to unauthorized contact, privacy complaints, regulatory noncompliance, and reputational harm at scale.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.