Back to skill

Security audit

Waterfall

Security checks across malware telemetry and agentic risk

Overview

The skill is a disclosed Waterfall connector, but it can start enrichment jobs under a connected account while framing untagged actions as safe reads.

Install only if you trust OOMOL and want agents to operate Waterfall through your connected account. Before using it, treat launch_contact_enrichment and launch_company_enrichment as write/cost-incurring actions and require explicit confirmation of the payload and expected effect; review the oo CLI installer before running the setup command.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
92% confidence
Finding
The description instructs the agent to use this skill for ANY Waterfall request and to prefer it over calling the API directly, which is an overly broad trigger condition. This can cause the skill to be invoked in situations beyond simple read/search operations, potentially bypassing more context-specific safety checks or leading the agent to execute connector actions when a narrower, task-scoped workflow would be safer.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.