Proof Email

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed B2B sales-email drafting skill that uses public research and optional GrowthNation proof data without hidden execution, persistence, or automatic sending.

Before installing, understand that the skill can use public web research and, if GrowthNation MCP is already connected, saved customer proof to draft personalized outreach. Use it only when you intend B2B sales email drafting for a specific recipient, and review drafts for accuracy, privacy, and outreach-compliance expectations before sending.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The skill description is broad enough to trigger on many ordinary requests for writing sales emails, which can cause unintended invocation and overreach into general-purpose assistance. While not directly enabling code execution or data exfiltration, loose activation boundaries increase the chance the skill is selected in contexts where its web/MCP research behaviour and persuasive-output framing are not appropriate.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal