Security audit

Gingiris Kol Outreach

Security checks across malware telemetry and agentic risk

Overview

This skill is only documentation, but parts of the playbook teach deceptive traffic and ranking manipulation that users should review carefully before installing.

Install only if you intend to use it as a reference for lawful, disclosed influencer outreach. Avoid the sections that recommend ranking manipulation, fake or padded traffic, undisclosed promotional posting, or bulk unsolicited messaging, and apply your platform terms, advertising disclosure rules, privacy obligations, and anti-spam requirements before acting on any outreach workflow.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (4)

Context-Inappropriate Capability

Medium

Confidence: 96% confidence
Finding: This section goes beyond normal influencer outreach and explicitly describes manipulating Product Hunt ranking and engineering GitHub Trending outcomes through paid '打榜', hunter payments, and controlled star-growth patterns. Those tactics can facilitate platform abuse, deceptive popularity signals, and coordinated inauthentic behavior, which is dangerous in a marketing playbook because it operationalizes fraudulent growth manipulation rather than legitimate promotion.

Context-Inappropriate Capability

High

Confidence: 99% confidence
Finding: The document explicitly recommends buying 'cheap traffic accounts' to add impressions and endorses a mix of real and purely volume-padding traffic. This is a classic engagement inflation tactic that misrepresents campaign performance, encourages low-quality or fake traffic procurement, and can be used to deceive stakeholders, platforms, or customers about actual demand and reach.

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: This section promotes AI-generated outreach, DM automation, contact list building, and UTM-based tracking without warning users about privacy, consent, anti-spam, or platform policy risks. In practice, users may use the playbook to automate unsolicited messaging or process personal data without appropriate notice or lawful basis, creating compliance, account-enforcement, and reputational risk.

Natural-Language Policy Violations

Medium

Confidence: 95% confidence
Finding: The skill declares the language as Chinese in the main content and presents the operational handbook in Chinese without an explicit instruction to preserve or adapt to the user's preferred language. In an agent setting, this can cause the assistant to switch languages unexpectedly, reducing user comprehension and increasing the risk of mis-execution for outreach, pricing, or data-handling steps.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal