Generect API

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward Generect API helper that sends user-provided lead, company, LinkedIn, and email lookup data to Generect as its documented purpose.

Install only if you are comfortable sending the prospecting data you provide to Generect. Use a dedicated API key, avoid submitting regulated or unnecessary personal data, check your legal basis for lead enrichment or outreach, and review the separate MCP package or remote MCP endpoint before using those optional paths.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 76% confidence
Finding: The skill description is broad enough to activate for many generic sales, research, enrichment, and email-related requests, which can cause over-invocation and unintended transfer of user-supplied personal or company data to the external provider. In a tool that performs third-party lead search and email discovery, broad routing increases the chance of privacy-impacting use outside the user's informed expectations.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill clearly sends names, email addresses, domains, LinkedIn URLs, and company information to a third-party API but does not provide an explicit privacy warning or informed-consent language. Because the skill is designed for prospecting and enrichment of identifiable individuals, the missing disclosure materially raises privacy and compliance risk.

VirusTotal

57/57 vendors flagged this skill as clean.

View on VirusTotal