Phy Event Gtm

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only conference marketing playbook; its contact-capture advice needs normal privacy care but does not show hidden or unsafe behavior.

Installers should treat this as a playbook, not an automation grant. Use it with consent-aware contact capture, avoid recording sensitive information without permission, store lead notes in approved systems, and respect event rules and privacy laws.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The trigger description includes broad phrases like "event marketing" and "any conference/event preparation task," which can cause the skill to activate in contexts beyond its intended scope. Over-broad invocation increases the chance the agent will apply this playbook to unrelated user requests, leading to irrelevant or risky guidance being surfaced without sufficient user intent.

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill instructs users to photograph business cards, record voice memos about people, and mark lead status, but provides no consent, retention, or privacy guidance. In a sales context this can lead to collection and storage of personal data without notice or lawful basis, creating privacy, compliance, and trust risks if the information is mishandled or synced to insecure systems.

VirusTotal

No VirusTotal findings

View on VirusTotal