Prospecting Objective Setter

Security checks across malware telemetry and agentic risk

Overview

This is a sales-planning skill that reads limited prospecting context and writes a local plan file, with no executable code or hidden high-impact behavior found.

Install only in a workspace where you are comfortable letting the agent read the named sales/prospecting files. Review or redact CRM exports, prospect lists, and account notes before invoking it, and expect a local dated markdown plan file to be created.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Low

Confidence: 92% confidence
Finding: The skill explicitly states it will write `prospecting-objective-plan-{date}.md` to the working directory, but it does not clearly warn the user before modifying local files. This is a real but low-severity safety issue because unexpected file creation can overwrite user expectations, create clutter, or contribute to unsafe automation chains if the skill is invoked implicitly.

Missing User Warnings

Low

Confidence: 89% confidence
Finding: The skill instructs the agent to read potentially sensitive working-directory files such as `icp.md`, `prospect-list.csv`, and `account-notes.md` without any privacy or data-handling disclosure. In a sales context, those files may contain customer, prospect, or commercially sensitive information, so silent ingestion increases the risk of over-collection and unintended exposure.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal