Email Approval Workflow

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only workflow for drafting, approving, sending, and logging external emails, with no bundled executable code or hidden automation.

Install only if you want this agent to help prepare external emails that Stef reviews before sending. Before approving any send, review recipients, subject, body, CCs, and copied context; remove secrets, credentials, internal-only details, and unnecessary personal data. Also verify the separate email_manager.py and configured email credentials, since they are not included in this skill.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 80%
Finding
The workflow sends draft email contents, recipient addresses, and approval-related metadata to an external email system without any explicit privacy, data-classification, or content-sensitivity check. If agents use this skill for support, partnerships, or competitions, drafts may contain confidential business, personal, or operational data that could be unnecessarily disclosed or mishandled.

VirusTotal

64/64 vendors flagged this skill as clean.
