Email Sequence

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only email sequence helper with no code execution or sending ability, though users should be careful with business and customer data used for personalization.

Safe to install for drafting and optimizing email sequences. Review any local product-marketing context file before use, avoid putting secrets or sensitive customer data there, and make sure any segmentation, behavioral triggers, unsubscribe handling, and consent practices comply with your policies and applicable marketing/privacy rules.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The eval explicitly rewards the skill for triggering on casual phrasing, which creates an overly broad activation condition rather than a precise, domain-specific one. In an agent system, this can cause the email-sequence skill to activate on generic support or marketing questions, leading to incorrect routing, unintended behavior, and increased exposure to prompt collisions with other skills.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal