Service Business Prospecting

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed sales-prospecting workflow that collects public business lead contact details into CSV files, with privacy-handling cautions for users.

Before installing, confirm that lead collection and outreach comply with privacy laws, anti-spam rules, and source-site terms such as Facebook/Yelp policies. Store generated CSVs securely, minimize personal contact data when business channels are enough, honor opt-outs, and delete stale lead files when no longer needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 92%
Finding
The skill is explicitly designed to collect, enrich, and persist business contact data including owner/contact names, phone numbers, emails, and addresses into dated CSV files. Even though this is business prospecting rather than obviously sensitive consumer data, it still involves personal/contact information and provides no warning, handling guidance, retention limits, or compliance guardrails, which increases the risk of privacy misuse, unauthorized outreach, or improper storage.

VirusTotal

65/65 vendors flagged this skill as clean.
