Back to skill

Security audit

Quentn

Security checks across malware telemetry and agentic risk

Overview

This Quentn connector skill is purpose-aligned and clearly labels its read, write, and destructive CRM actions, with confirmation required for state-changing operations.

Install this only if you want Codex to operate your Quentn account through OOMOL. Review payloads carefully before approving create, update, delete, remove, or set actions, because those can change or remove CRM data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
93% confidence
Finding
The description directs the agent to use this skill for ANY Quentn-related request, including broad read, write, and delete operations. This can cause over-invocation of a high-privilege skill and increase the chance that unrelated or insufficiently scoped user requests are funneled into a connector capable of destructive actions.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.