Marketing Agency Operations

Security checks across malware telemetry and agentic risk

Overview

This skill is a plain-text agency operations helper that asks for relevant business details but does not show hidden execution, credential access, or unsafe behavior.

Install only if you are comfortable giving an agent agency operations context. Use client aliases or minimal details where possible, avoid unnecessary confidential or regulated information, and confirm before using it for reminders, reports, billing notes, or client-facing drafts.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 88%
Finding
The skill is defined in very broad operational terms without clear activation boundaries, permitted data types, or task constraints. In an agent setting, this can cause over-collection of business data, unintended use in unrelated contexts, and prompt-injection-style misuse because the agent has no narrow scope to fall back on.

Missing User Warnings

Medium
Confidence: 95%
Finding
The setup instructions explicitly request client rosters, retainer amounts, team names, and roles without any minimization, confidentiality notice, or handling guidance. That encourages users to provide business-sensitive and potentially personal information to the agent, increasing the risk of unnecessary exposure, retention, or downstream misuse in summaries, reports, or other automations.

VirusTotal

66/66 vendors flagged this skill as clean.
