ooutreachskill

Security checks across malware telemetry and agentic risk

Overview

This is a plain-text Floods sales-outreach skill with broad activation wording, but it does not include code, hidden execution, credentials, persistence, or automatic sending behavior.

Install this only if you want a Floods-specific cold outreach assistant. Review every generated message before sending, narrow use to intentional outreach work, verify claims such as impression volume and cost comparisons, and make sure prospect research, WhatsApp/LinkedIn/email contact, and follow-ups comply with applicable platform, privacy, and anti-spam requirements.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

High

Confidence: 98% confidence
Finding: The skill declares extremely broad trigger conditions and says it should "always load" for common terms like DM, outreach, hook, prospect, and follow-up. In an agent environment, this can cause the skill to activate in many unrelated contexts, unnecessarily injecting persuasive outreach instructions and increasing the chance of undesired behavior, prompt-scope hijacking, or policy bypass through context flooding. The risk is elevated because the skill contains operational messaging templates and prescriptive instructions rather than narrow reference material.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal