Cold Call Opener Builder

Security checks across malware telemetry and agentic risk

Overview

This is a plain markdown skill that helps create cold-call scripts and only reads/writes local sales-script documents as part of that stated purpose.

Install this if you want an agent to read local prospecting notes and create a cold-call script file in the current workspace. Review the generated script before using it, and be aware that broad prompts like "phone script" may route to this sales-specific workflow.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 83% confidence
Finding: The trigger phrases are broad enough that the skill could activate on ordinary sales-assistance requests that do not specifically call for this workflow. Overbroad invocation can cause the agent to enter the wrong skill, generate unintended sales scripts, or pull in dependent files/tool actions in contexts the user did not mean, which is a real integrity and safety issue in agent routing.

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The skill is designed to write a file into the working directory, but the user-facing description does not clearly warn that local files will be created or modified. In agent environments, silent file writes are dangerous because they can alter workspace state, overwrite user content, or leave artifacts the user did not consent to, especially when the skill also reads upstream files automatically.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal