Back to skill

Security audit

CRM Pipeline Manager

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed sales outreach and lead-tracking assistant with sensitive but purpose-aligned local storage and optional email automation.

Install only if you are comfortable storing prospect and outreach data locally under ~/workspace/leadgen. Keep that machine protected, review generated emails before sending, avoid enabling SMTP auto-send or cron autopilot until you understand the workflow, and verify the bundled helper script is present before relying on its validation claims.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence
87% confidence
Finding
The README describes very broad natural-language control of CRM actions without defining clear invocation boundaries, confirmation requirements, or examples of disallowed ambiguous inputs. In an agent setting, this can cause unintended state-changing actions such as creating, updating, or closing deals based on loosely phrased user text, increasing the risk of prompt ambiguity and accidental data modification.

Missing User Warnings

Medium
Confidence
81% confidence
Finding
The README advertises local-only storage but does not clearly warn that the skill may store sensitive business data such as prospect identities, deal values, notes, and revenue information on disk. Users may unknowingly place confidential sales data on inadequately secured endpoints, creating privacy, confidentiality, and compliance risks if the machine is shared, compromised, or insufficiently protected.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The skill instructs the agent to parse natural-language references to leads, deals, contacts, or sales activities, which creates a very broad activation surface. In practice, ordinary business conversation could be misinterpreted as an instruction to create or modify CRM records, causing unintended persistence of user content and silent workflow side effects.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The description markets the skill as managing the sales pipeline 'entirely through natural language' and encourages broad conversational use without defining strict trigger boundaries. That increases the chance the agent will activate on loosely related sales talk, infer structured data incorrectly, and store or alter records the user did not intend to persist.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.