Back to skill

Security audit

Sales Pro

Security checks across malware telemetry and agentic risk

Overview

This is a coherent sales assistant, but it should be reviewed because it describes syncing lead and deal data through external memory/Supabase without clear privacy, retention, or user-control details.

Install only if you are comfortable processing customer and pipeline data with this skill. Before enabling memory sync, Supabase, Telegram/WhatsApp, CRM, or timer integrations, confirm what data is stored, who can access it, how customers opt out, and how records are deleted.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (14)

Vague Triggers

Medium
Confidence
87% confidence
Finding
The README instructs users to start by writing a very generic phrase to the agent, which can cause accidental activation of the sales behavior in contexts where the user did not clearly intend to invoke this skill. In agent systems with multiple skills or prompt-routing, broad triggers increase the risk of misrouting, unwanted behavior, and interference with other tasks.

Vague Triggers

Medium
Confidence
95% confidence
Finding
The listed trigger phrases include short, generic terms like sales concepts and common business words that may naturally appear in unrelated conversations. This makes unintended invocation more likely, especially in environments where the model selects behavior based on trigger matching rather than explicit user choice.

Vague Triggers

Medium
Confidence
88% confidence
Finding
Broad trigger phrases for call-script mode can cause accidental activation during ordinary conversation, making the agent enter a sales workflow when the user did not intend to invoke the skill. In a sales skill, that can expose conversation content to unintended processing, generate manipulative outreach content, or interfere with other agent tasks due to prompt collision.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The messaging-script trigger set includes generic phrases that may overlap with normal user requests, increasing the risk of unintended activation. In context, that could lead the assistant to draft outbound client messaging or process sensitive business context when the user only wanted general advice, creating privacy and workflow integrity risks.

Vague Triggers

Medium
Confidence
89% confidence
Finding
Vague objection-handling triggers like natural conversational fragments are prone to accidental matching in unrelated contexts. Because this skill produces persuasive sales responses, accidental activation can redirect the agent into manipulative or business-sensitive output flows without clear user intent.

Vague Triggers

Medium
Confidence
86% confidence
Finding
A very broad trigger for commercial-offer generation can activate on ordinary mentions of proposals or quotes, causing the agent to generate formal sales materials unexpectedly. In practice this can mishandle confidential pricing, customer details, or business positioning if invoked accidentally from a broader conversation.

Vague Triggers

Medium
Confidence
87% confidence
Finding
Generic reminder/follow-up triggers may collide with everyday speech, unintentionally placing the agent into a contact-sequencing workflow. Given that follow-up content may rely on prior deal context and timing logic, accidental activation can expose or act on sensitive customer engagement information without clear intent.

Vague Triggers

Medium
Confidence
85% confidence
Finding
Broad deal-closing triggers with unclear boundaries increase the chance that ordinary conversation about closing, finishing, or finalizing could invoke a high-pressure sales tactic generator. In context, this is risky because it can generate manipulative negotiation content and process deal-specific context when the user did not intentionally enter that mode.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill states that deals and leads are stored in agent memory and synchronized via Supabase, but it does not provide an explicit user warning, consent flow, retention policy, or data-classification guidance. In a sales context this likely involves customer names, contact details, pipeline status, and commercial information, so silent storage/sync materially increases confidentiality, compliance, and unauthorized disclosure risk.

Vague Triggers

Medium
Confidence
87% confidence
Finding
The trigger phrases are broad, generic sales-assistance requests such as "Review my pipeline" and "Forecast this quarter," which plausibly overlap with normal user queries outside an explicit skill-invocation flow. This can cause unintended activation or routing to the skill, leading to context confusion, unwanted prompt injection surface expansion, or accidental disclosure of user/business data into the wrong tool context.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger phrases are generic sales expressions such as wanting to increase sales or needing a system, which can easily appear in normal business discussion outside the intended invocation context. In a sales automation skill, this creates a realistic risk of unintended activation or over-application of the skill's behavior, potentially causing unsolicited workflow changes, inappropriate follow-up generation, or processing of conversations that were not meant to invoke the skill.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The content proposes automated customer messaging over WhatsApp/Telegram and real-time integration with member records, but provides no mention of consent, lawful basis, retention, access controls, or data-processing safeguards. In a sales automation skill, this omission can lead users to implement outreach and member-data processing in ways that violate privacy requirements or expose sensitive customer information.

Natural-Language Policy Violations

Medium
Confidence
95% confidence
Finding
The example hard-codes Russian-language input and output without any indication that the agent should detect or respect the user's preferred language. This can cause confusing or inaccessible behavior for non-Russian users and may lead to incorrect handling in multilingual deployments, though it is not a direct security exploit.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The quick-start phrases are very broad, imperative-style triggers that could cause accidental activation or overreach when similar user text appears in ordinary conversation. Because there are no explicit boundaries, confirmation steps, or exclusions, the skill may interpret ambiguous input as a command and produce sales messaging or analysis the user did not clearly request.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.