Balanced Prospecting Cadence Designer

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed sales-planning skill that reads sales context and writes a cadence plan, with no hidden code or credential behavior.

Reasonable to install for sales planning. Use it in a folder containing only the sales documents you intend the agent to read, and avoid including secrets, unnecessary customer PII, or unrelated confidential files.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Low

Confidence: 89% confidence
Finding: The skill explicitly states it may read files from the working directory, including business documents like ICPs, prospect lists, and pipeline ratios, but it does not clearly warn the user about the scope of data that may be accessed or advise limiting the directory contents. This can lead to over-collection of sensitive sales, customer, or internal business data beyond what the user intended to share, especially in environments where the working directory contains unrelated files.

VirusTotal

50/50 vendors flagged this skill as clean.

View on VirusTotal