Lead Storage
Security checks across malware telemetry and agentic risk
Overview
This skill is a narrowly scoped lead-storage helper that writes approved lead records only after supervisor confirmation, with no hidden executable behavior found.
Before installing, confirm which exact sheet or database the skill can write to, use least-privilege credentials for only that destination, and rely on a trusted supervisor workflow to issue confirmation tokens for the specific leads being saved.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
64/64 vendors flagged this skill as clean.