Backend Developer
Security checks across malware telemetry and agentic risk
Overview
This skill openly aims to compose and send email with a human approval step, but the actual email-sending tool and prompt helper it depends on are missing from the submitted artifacts.
Review before installing. Confirm the missing email tool, DTO, and message prompt files from the publisher, verify which OpenAI and email-account credentials are required, and test that every outgoing email visibly pauses for approve, edit, or reject before delivery.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
65/65 vendors flagged this skill as clean.