Linkedin Lead Generation

Security checks across malware telemetry and agentic risk

Overview

This skill appears to perform LinkedIn prospect research and report generation as disclosed, with ordinary privacy and local-file considerations for lead data.

Install this only if you want an agent to perform LinkedIn-oriented prospect research and create local reports. Before using it, specify limits such as lead count, geography, acceptable sources, and whether to include personal contact details; review or delete generated reports if they contain sensitive prospect data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 83%
Finding
The invocation condition 'Use when asked to find potential clients or leads' is broad enough to trigger in many common business-search contexts without clear user consent boundaries. In practice, this can cause the agent to perform large-scale prospecting, LinkedIn profiling, and company analysis more aggressively than the user may have intended, increasing privacy and policy risk.

Missing User Warnings

Low
Confidence: 77%
Finding
The skill instructs the agent to create an HTML-based PDF report using file-writing behavior without any disclosure that a local artifact will be generated. Undisclosed file creation can surprise users, create unwanted persistent artifacts, and in some environments may expose prospect data in local storage or shared workspaces.

VirusTotal

66/66 vendors flagged this skill as clean.