Email Triage

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only email triage guide that uses existing mailbox access to prioritize messages, with a privacy caveat around broad activation wording.

Install only where you are comfortable with the agent reading email metadata and limited previews for priority messages. Use explicit prompts like "triage my inbox" and confirm whether connected CRM or customer-directory data should be used.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The skill advertises broad trigger phrases such as "what's important" and "check for urgent email," which are common, everyday utterances that can match many benign conversations. This can cause unintended activation of the email-triage skill in contexts where the user did not explicitly ask to operate on inbox data, increasing the chance of unnecessary email access, summarization, or disclosure of sensitive metadata.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal