Nonprofit Management

Security checks across malware telemetry and agentic risk

Overview

This is a text-only nonprofit operations skill whose sensitive donor and participant workflows are expected for its purpose, with no executable code, credential access, or hidden data movement.

Safe to install as an advisory nonprofit operations skill. Before using it with real donor, participant, board, or financial data, limit pasted personal information, confirm consent before generating external-facing documents, review receipts and letters before sending, and have qualified legal or tax professionals review filings and state-specific compliance decisions.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: This skill explicitly supports donor database management, tax receipt generation, lapsed donor identification, and participant tracking, but it lacks strong operational safeguards around bulk outreach, data minimization, recipient verification, and human review before generating external-facing outputs. In a nonprofit context, that creates a real risk of accidental disclosure of donor or beneficiary personal information, especially when producing letters, receipts, reports, or segmented outreach lists.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal