Back to skill

Security audit

Reply.io

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Reply.io connector skill that can read and change Reply.io data, with disclosed confirmation rules for write actions.

Install this only if you want the agent to use your OOMOL-connected Reply.io account. Review write requests carefully, especially creating or updating contacts and starting or pausing sequences, because those actions can affect business outreach data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger description is extremely broad: it instructs use of this skill for ANY Reply.io request, including reading, creating, and updating data. That can cause the agent to select this skill in situations where a narrower or more user-confirmed workflow would be safer, increasing the chance of unintended data access or state-changing actions in Reply.io.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.