Security audit

Automation Workflows Local

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only guide for building no-code business automations, with expected but important risks around connected accounts and customer-facing workflows.

Safe to install as a guide, but do not blindly enable workflows it helps design. Use least-privilege OAuth connections, test with non-production or clearly marked test data where possible, minimize copied customer fields, and require human review for money movement, customer emails, CRM status changes, and public posting.

SkillSpector

By NVIDIA

Vulnerability Patterns

  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium, 94% confidence
Finding
The trigger phrases are very broad and include common terms like 'automate' and 'save time', which can cause the skill to activate in many unrelated conversations. Over-broad activation increases the chance the agent injects automation advice or workflow actions when the user did not intend to invoke this skill, creating confusion and potentially unsafe downstream recommendations involving third-party systems.

Missing User Warnings

Medium, 89% confidence
Finding
The skill gives detailed guidance for automations that process customer data, send emails, update CRMs, create invoices, and react to webhooks, but it does not warn about privacy, consent, testing in non-production environments, or unintended side effects. In practice, this omission can lead users to deploy workflows that mishandle personal data, spam customers, or trigger irreversible actions across connected systems.

VirusTotal

46/46 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.