Dm Outreach

Security checks across malware telemetry and agentic risk

Overview

This skill drafts Instagram messages and saves them locally; it does not ask the agent to send messages or access Instagram accounts.

Safe to install as a drafting aid. Review every generated DM before sending, do not automate Instagram sending with this skill, and keep or delete the generated CSV according to how sensitive the lead/contact data is. Before repeated runs on the same day, check whether the output CSV already exists.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Low

Confidence: 92% confidence
Finding: The skill explicitly instructs the agent to save DM drafts to a workspace CSV file but does not specify safe file-handling behavior such as using a unique filename, checking for existing files, or warning before overwrite. This can lead to accidental data loss or unintended modification of prior workspace contents, especially in repeated runs or shared workspaces.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal