Back to skill

Security audit

Follow-Up Sequence Writer

Security checks across malware telemetry and agentic risk

Overview

This is a writing-only skill for drafting follow-up email and SMS campaigns, with no code execution, credentials, CRM access, or autonomous sending behavior.

Treat generated campaigns as drafts. Before importing or activating them in a CRM, confirm recipient consent, unsubscribe and SMS opt-out handling, quiet-hour rules, privacy obligations, brand accuracy, and any industry-specific marketing requirements.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill explicitly generates ready-to-deploy email and SMS sequences for CRM import and sending, but it does not warn users about legal and operational obligations tied to outbound messaging, such as consent, opt-out handling, TCPA/CAN-SPAM compliance, privacy rules, and reputational risk. Because the output is positioned as deployment-ready, users may send campaigns without reviewing compliance requirements, increasing the chance of unlawful or harmful customer communications.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.