Afrexai Automation Strategy

Security checks across malware telemetry and agentic risk

Overview

This is a text-only business automation strategy guide with broad invocation examples but no executable code or hidden system access.

Safe to install as a consulting-style playbook. Use care before sharing secrets, customer data, or confidential process details, and require human review for payments, customer-facing responses, legal, HR, security, or production workflow changes.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The quick-start phrases are extremely broad and action-oriented, encouraging the agent to adopt a powerful automation-strategist role from a short natural-language prompt without defining scope, permissions, or safety boundaries. In a skill that recommends and designs business automations, this can cause unintended activation in unrelated conversations and lead the agent to provide high-impact operational guidance without sufficient user confirmation or context checks.

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The skill defines very broad natural-language trigger phrases such as 'audit my processes for automation opportunities' and 'recommend automation platform for [process]'. These phrases are generic enough to overlap with ordinary user requests, increasing the chance the skill activates unintentionally and injects large amounts of automation guidance into unrelated conversations or contexts.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal