Lead Researcher

Security checks across malware telemetry and agentic risk

Overview

This is a coherent lead-research helper that may process prospect contact data, but the artifacts do not show hidden execution, persistence, exfiltration, or account-changing behavior.

Before installing, decide which search or enrichment providers you trust, use scoped API keys if you configure any, and verify that lead collection and outreach comply with applicable privacy, platform, and anti-spam rules. Treat generated contact data as unverified until checked.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill explicitly collects decision-maker names, emails, and other contact data, then generates personalized outreach, but provides no privacy notice, lawful-use guidance, consent expectations, or retention limits. In this context, the omission is meaningful because the skill is designed for prospecting at scale, which can enable privacy violations, scraping of personal data, or noncompliant outreach under regulations such as GDPR, CCPA, and anti-spam laws.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal