Ravi email-writing

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a professional email-writing guide, with a transparency caveat around AI-disclosure wording but no evidence of hidden execution, data theft, persistence, or destructive behavior.

Install only if you want help drafting polished emails. Review generated messages before sending, avoid impersonation or misleading outreach, and disclose AI assistance whenever your workplace, recipient, contract, or applicable rules require it.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Natural-Language Policy Violations

High

Confidence: 96% confidence
Finding: The instruction to write emails that look like they came from a real person rather than an AI encourages concealment of AI involvement. In many organizations, this can facilitate deceptive outreach, impersonation concerns, or policy violations by making machine-generated communications appear human-authored without disclosure.

Natural-Language Policy Violations

High

Confidence: 97% confidence
Finding: The advice against 'Sent by AI' disclaimers goes beyond style guidance and can discourage transparency about AI assistance. In contexts with legal, contractual, or organizational disclosure requirements, this can mislead recipients and increase the risk of deceptive or non-compliant communications.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal