Lead Research Assistant Cn

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only sales lead research skill, with the main caveat that optional repository analysis could expose private project details to the agent.

Install only if you are comfortable using an agent for sales lead research. If you run it inside a repository, remove secrets, credentials, customer data, and unrelated private files first. Do not use leaked third-party secrets or sensitive personal data as sales material.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill instructs users to run it from a product source-code directory and says it will analyze the repository to understand the product, but it does not clearly warn that local source files may be inspected. This can lead users to unintentionally expose proprietary code, credentials, internal URLs, or other sensitive business information during lead-generation tasks that do not obviously require full repository access.

VirusTotal

60/60 vendors flagged this skill as clean.

View on VirusTotal