fundraising from top tier vc

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only fundraising helper, but users should personally approve any investor outreach and verify the included contact before use.

Install only if you want an agent to help with VC fundraising workflows. Before connecting it to email, CRM, calendar, or file-sharing tools, confirm the recipient list, message wording, and every attachment yourself, and treat the named contact as an example to verify rather than an endorsement.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 88%
Finding
The skill instructs the agent to send pitch decks and conduct staged outreach to external investors without any safeguards around user consent, authorization, confidentiality, or data minimization. In an agent setting, this can lead to unintended disclosure of sensitive startup materials, business plans, metrics, or founder contact details to third parties, creating privacy, confidentiality, and reputational risk.

Ssd 3

Medium
Confidence: 93%
Finding
The skill embeds a named individual's direct email address and encourages its use in outreach, which promotes disclosure and reuse of personal contact data in agent outputs. This increases the chance of privacy violations, spam, unauthorized outreach, and over-trusting hardcoded recipient data that may be stale, inaccurate, or used without the subject's consent.

VirusTotal

66/66 vendors flagged this skill as clean.
