automation-workflows

Security checks across malware telemetry and agentic risk

Overview

This is a markdown-only guide for planning no-code business automations, with no hidden code or automatic access to accounts.

Before building automations from this guide, review OAuth scopes, use least-privilege accounts, test with non-production or low-risk data first, and make sure you can disable or revoke each workflow if it misfires.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 95% confidence
Finding: The trigger phrases include very broad terms like "automate," "automation," and "save time," which are common in many benign conversations and can cause this skill to activate outside its intended scope. Overbroad activation increases the chance the agent will inappropriately steer users toward connecting tools, moving data, or setting up automations in contexts where privacy, safety, or business logic should be reviewed more carefully.

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: The skill encourages automation across third-party tools, CRMs, payment systems, and customer communication channels but does not warn about privacy, consent, data minimization, or the risk of corrupting business records through incorrect mappings and triggers. In this context, users may be prompted to connect sensitive customer and financial systems without being told to validate permissions, protect personal data, or test safely, creating real confidentiality and integrity risk.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal