Back to skill

Security audit

Local Lead Outreach Engine

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only B2B lead research and cold-email drafting skill with explicit safety and approval guardrails.

Safe to install as a drafting and lead-qualification aid. Before using any generated outreach, verify the prospect evidence, use lawful business contact data, include opt-out language, and do not let connected tools send messages until you approve the final recipient list and copy.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Vague Triggers

Medium
Confidence
89% confidence
Finding
This markdown file includes an example invocation, "Score this lead list and write a 3-email sequence for the best 10 prospects," without naming the skill or otherwise constraining when it should activate. Because the phrase is generic sales-assistance language, it could collide with normal conversation and create unintended invocation ambiguity.

Autonomous Decision Making

Medium
Category
Excessive Agency
Content
Always include opt-out language when preparing production-ready cold email.

Do not help bypass consent, hide sender identity, evade spam filters, scrape behind logins, or target private individuals at home.

For practical compliance guardrails, read `references/safety-and-compliance.md`.
Confidence
85% confidence
Finding
bypass consent

VirusTotal

58/58 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.