Wininsales crm

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed WininSales CRM helper that can read and update CRM records using the user's own CRM authorization.

Install only if you intend to let an agent operate WininSales CRM with your account's permissions. Confirm every write action carefully, review customer names, employee targets, and record IDs before approving, and avoid pasting long-lived tokens or sensitive customer data into reusable files.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 86% confidence
Finding: The skill description is very broad and can trigger on generic CRM or sales-operations requests, causing the agent to invoke this skill in contexts the user did not specifically intend. Because the skill handles sensitive CRM data and write actions, overbroad matching raises the risk of unnecessary access, unintended data exposure, or accidental modification of records under a valid user's authority.

Vague Triggers

Medium

Confidence: 84% confidence
Finding: The workflow trigger phrases are generic enough that ordinary business language like '记录一下跟进' or '查一下线索' may match too many unrelated situations. In a skill with customer data access and mutation capabilities, ambiguous invocation increases the chance of acting on the wrong system, wrong tenant context, or wrong user intent, especially when combined with downstream write operations.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal