Icp Qualifier

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only sales lead scoring skill with no code or permissions, though its demographic and geography filters need careful human oversight.

Install only if you intend to use it as a manual prospecting rubric. Do not use age or gender to qualify leads, treat the US-only filter as a configurable campaign constraint, verify public contact details before outreach, and follow applicable privacy and anti-spam requirements.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Natural-Language Policy Violations

Medium

Confidence: 95% confidence
Finding: The skill explicitly restricts qualification to brands 'Based in United States only' and later treats international brands as auto-disqualified, embedding geographic discrimination directly into automated lead scoring. In a sales workflow this can cause systematic exclusion of otherwise valid leads without user opt-in, policy justification, or configurable business rules, creating compliance, fairness, and reputational risk.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal