email-reply-generator

Security checks across malware telemetry and agentic risk

Overview

This is a simple email-reply drafting skill with no code or hidden access, but users should redact sensitive email details before using it.

Before using this skill, remove passwords, account numbers, private links, legal or financial details, confidential business information, and personal data that is not needed for the reply. Share the minimum context needed to draft the response.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill explicitly encourages users to paste full email content without any warning about sensitive, confidential, or regulated information. This can lead users to disclose personal data, business secrets, credentials, client information, or other protected content to the system unnecessarily, increasing the risk of privacy and data-handling exposure.

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: Recommending that users include the full email context reinforces oversharing and data minimization failures, especially in a skill specifically designed to process communications that often contain sensitive personal or corporate information. In this context, the feature makes the risk more concrete because email threads commonly include signatures, contact details, internal discussions, and confidential material that do not need to be shared in full.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal