Sales Call Plan Do Review Coach

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only sales coaching skill that reads and writes clearly named deal documents for call planning and review.

Before installing, confirm you are comfortable letting the agent read sales call notes, transcripts, and deal briefs, and ask it to show proposed updates before changing deal-brief.md or needs-log.md if those files are shared or authoritative.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Low

Confidence: 84% confidence
Finding: The skill instructs the agent to write `call-plan-{date}.md` and `call-review-{date}.md` automatically, but does not require explicit user confirmation before modifying the workspace. In a document-oriented environment, silent writes can overwrite existing notes, create misleading records, or persist sensitive sales content in locations the user did not intend.

Missing User Warnings

Low

Confidence: 87% confidence
Finding: The instruction to update `deal-brief.md` or `needs-log.md` encourages modification of user-maintained source-of-truth records without a consent gate or change review. That can corrupt account history, inject incorrect conclusions derived from imperfect call notes, or leak sensitive business judgments into persistent shared documents.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal