Back to skill

Security audit

Real Estate Lead Pilot

Security checks across malware telemetry and agentic risk

Overview

This real-estate lead skill is mostly coherent, but it can store lead contact details and behavioral scores in a CRM and modify calendars without enough consent, retention, or rollback guidance.

Review before installing. Use test CRM records and a test calendar first, grant least-privilege access, require explicit confirmation before calendar bookings or CRM writes, disclose lead data collection and behavioral scoring where required, and do not rely on the Fair Housing, DNC, or zero-hallucination claims without independent validation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill advertises automatic CRM syncing of lead data and behavioral scores without any notice, consent, or limits on what personal information is collected and transmitted. In a real-estate context, this can include sensitive buyer/seller details such as budget, timeline, location preferences, and inferred profiling data, creating privacy, compliance, and unauthorized-sharing risks.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The instruction to write all lead data and a behavioral score to the CRM operationalizes undisclosed collection and profiling, not just a marketing description. This is more dangerous because it directs the agent to persist potentially sensitive personal and inferred data by default, which can violate privacy expectations and trigger regulatory issues if users are not informed or have not consented.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The handoff trigger relies on very broad keywords like "lowest price," "lawyer," and "contract," which are common in legitimate real-estate conversations. In a high-trust lead qualification and booking agent, this can cause excessive escalations, workflow disruption, and inconsistent handling of normal user requests, creating a policy-bypass and reliability risk around safety-critical routing.

Natural-Language Policy Violations

Medium
Confidence
94% confidence
Finding
The rule mandates logging a subjective "engagement_score" without user choice, objective criteria, or governance controls. In a real-estate lead system, this can enable opaque profiling, unfair treatment of leads, and problematic downstream CRM decisions, especially when combined with other qualification or prioritization logic.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.