Carrier Relationship Management

Security checks across malware telemetry and agentic risk

Overview

This skill is a transportation-management advisory package with business-impacting templates and recommendations, but no evidence of hidden access, automatic sending, persistence, or data exfiltration.

Reasonable to install as a decision-support skill. Before sending generated carrier emails or acting on recommendations, verify recipients, attachments, rates, contract terms, compliance records, and whether the message includes only necessary business or personal data. Keep human approval for carrier suspensions, allocation changes, RFP awards, payment-term changes, and TMS or contract updates.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The templates are designed for direct substitution and sending, and they include placeholders for personal contact details, MC numbers, contract terms, lane data, performance metrics, and dispute documentation. Because the guidance does not instruct users to verify recipients, validate attachments, or minimize sensitive content before transmission, it increases the risk of misdirected emails, over-sharing commercially sensitive information, or exposing personal and operational data to the wrong party.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal