Upsell Mapper

Security checks across malware telemetry and agentic risk

Overview

This is a marketing-planning skill made of Markdown guidance and templates, with no code execution or hidden system access.

Use this as a planning template, not as ready-to-send legal-compliant marketing automation. Before using the email sequence with real customers, confirm you have permission or another lawful basis, include unsubscribe/preference controls, respect suppression lists, and review CAN-SPAM, GDPR, CCPA, and local marketing rules.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The sequence explicitly uses order details, delivery timing, and inferred product usage windows to drive personalized follow-up, upsell, review, and replenishment emails, but it does not mention consent, unsubscribe handling, lawful basis, or user notice about this ongoing post-purchase contact. In a marketing automation skill, that omission can lead operators to implement privacy-noncompliant lifecycle messaging that creates regulatory, trust, and complaint risk.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal