CMA Email

Security checks across malware telemetry and agentic risk

Overview

This skill appears intended to send email, but its very short triggers and no-confirmation sending flow create a meaningful risk of accidental or prompt-injected outbound messages.

Review before installing. Use it only if you are comfortable with an agent sending email from short commands, and prefer adding an explicit confirmation step that shows the recipient, subject, and body before any message is sent.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill instructs the agent to immediately execute an external side effect (sending email) whenever a short prefix is detected, explicitly discouraging normal conversational confirmation. This creates a real risk of unintended or prompt-induced outbound communication to external recipients, which can leak sensitive data, spam contacts, or be abused by maliciously crafted user input.

Vague Triggers

Low

Confidence: 87% confidence
Finding: The trigger phrases are extremely short and broadly defined, so benign user messages that happen to start with "cma" or "cmap" can activate the skill unintentionally. In this skill's context, accidental activation is more dangerous because the action is not merely informational—it sends real email to fixed external addresses.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal