27 Automation Workflows

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only automation planning guide; it has some privacy and approval caveats users should add in practice, but no hidden execution or direct system access is evident.

Before using this to build real automations, add your own guardrails: use lawfully collected data, minimize fields sent between services, test with non-production data, require approval for CRM writes, invoices, payments, and outbound campaigns, and keep audit logs and rollback paths for live workflows.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The skill gives detailed instructions for automating workflows involving leads, clients, CRM records, invoices, payment events, and customer health data, but it omits privacy, consent, data minimization, and irreversible-action safeguards. In practice, this can lead users to build automations that over-share personal or financial data, send communications without proper authorization, or make bulk changes across systems without validation or rollback controls.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal