Security audit

Kol Outreach

Security checks across malware telemetry and agentic risk

Overview

This skill is a small set of disclosed outreach templates and localized README files, with no executable code or hidden automation.

Use the templates responsibly: personalize messages, respect platform rules and anti-spam laws, and avoid bulk or deceptive outreach. The skill itself is static template content and does not automate sending messages.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Natural-Language Policy Violations

Medium

Confidence: 95% confidence
Finding: The entire skill description is presented only in Korean, with no indication that the user can choose another language and no justification that this is a Korea-specific or Korean-only skill. Under the policy, forcing a specific language without user opt-in is a natural-language locale violation.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.