Security audit

Agent Phone Call Debrief

Security checks across malware telemetry and agentic risk

Overview

This appears to be a straightforward phone-call debrief skill, with the main caution that its broad trigger phrases may activate more often than intended.

Install if you want help structuring post-call summaries and follow-ups. Be aware it may activate on broad phone-call recap requests, so review any generated follow-up text before sending or using it in customer records.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 92% confidence
Finding: Several trigger keywords are generic phrases such as 'after phone call summary', 'phone call follow up', and 'outbound call recap', which could match ordinary user requests not specifically intended for this skill. This can cause unintended activation, leading the agent to apply this debrief workflow in the wrong context and potentially mishandle or over-structure unrelated conversations.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal