Back to skill

Security audit

SEO Outreach Workflow

Security checks across malware telemetry and agentic risk

Overview

This is a legitimate SEO outreach research and draft workflow, with some wording users should read carefully around tracker updates and reply handling.

Install this only for SEO outreach research and draft preparation. Prefer pasted CSVs, exports, or read-only sheet access; if you connect a live tracker, explicitly approve whether it may mark rows as processed. Do not give this skill Gmail or inbox access, and use a separate approved workflow for sending emails or monitoring replies.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Intent-Code Divergence

Medium
Confidence
89% confidence
Finding
The skill presents itself as research-and-draft-only in Step 6, but earlier instructs the agent to update a connected tracker by changing row status to processed. That mismatch can lead to unauthorized state changes in external systems and misleads users about whether the skill performs write actions, which is a security and integrity issue even if the write is limited to a spreadsheet.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The trigger phrase "Run outreach" is overly broad and can match ordinary user language that is not clearly intended to invoke this skill. Because this skill can perform web research, process spreadsheets, and prepare outreach actions, ambiguous activation increases the chance of unintended execution and data handling beyond user intent.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The phrase "Prepare outreach drafts" is underspecified and could be triggered by routine discussion of outreach rather than a deliberate request to run the skill. In this context, accidental activation could cause the agent to start collecting contacts, analyzing targets, or generating messaging from external sources without sufficiently clear user authorization.

Vague Triggers

High
Confidence
96% confidence
Finding
The trigger phrase "Check for replies" is especially risky because it implies inbox-monitoring behavior even though the README states reply monitoring should be handled by a separate approved workflow. This mismatch can cause unauthorized or confused invocation of capabilities involving mailbox access, creating a higher risk of privacy violations, credential misuse, or boundary crossing between skills.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The trigger text says to invoke the skill when the user asks to process a spreadsheet or CSV, which is far broader than link-building outreach. This can cause the skill to activate on unrelated spreadsheet tasks and pull the agent into external fetching, contact discovery, or outreach-drafting behavior the user did not intend, increasing the chance of inappropriate data handling or action selection.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.