Outreach

Security checks across malware telemetry and agentic risk

Overview

This is a markdown-only outreach guide whose main risk is ordinary contact-list privacy hygiene, not hidden or automated behavior.

Install if you want outreach planning help, but store any contact lists and response notes only in approved systems, collect the minimum useful information, avoid sensitive personal notes, honor opt-outs, and comply with privacy, anti-spam, and platform policies before sending or tracking campaigns.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill explicitly tells users to track personal outreach data such as name, email, company, role, and response notes, but provides no guidance on lawful basis, minimization, retention, access control, or secure handling. In an outreach context, this can lead to unnecessary collection or insecure storage of PII, creating privacy, compliance, and reputational risk if the data is mishandled or exposed.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal