Email Reply Reader

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says: it searches recent Gmail job-application messages. Doing so requires privacy-sensitive mailbox access, so users should scope that access carefully.

Install only if you are comfortable letting an agent search the selected Gmail account for recent job-related messages. Confirm the Gmail account, narrow the query or date range if needed, avoid reading full email bodies unless necessary, and revoke or limit gog Gmail access when finished.
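The scoping advice above can be enforced in code rather than left to the agent's judgement. The following is an added example, not the skill's or gog's own code: it refuses OAuth scopes broader than Gmail's metadata scope, composes a narrow search string (folders, subject keywords, a recency window) using standard Gmail search operators, and reduces `format=metadata` responses to the headers the task needs while rejecting any message that arrives with body content. The helper names and the sample messages are constructed for illustration.

```python
"""Least-privilege Gmail access for a job-application reply search.

Added example, not the skill's own code. The scope URLs, the Gmail search
operators (in:, subject:, newer_than:) and the metadata-format message shape
are real Gmail API features; the function names are hypothetical.
"""

# Scope that permits headers and labels but never message bodies or attachments.
METADATA_SCOPE = "https://www.googleapis.com/auth/gmail.metadata"

# Scopes that would let the agent read full bodies (or worse); refuse them.
OVERBROAD_SCOPES = {
    "https://mail.google.com/",                        # full mailbox access
    "https://www.googleapis.com/auth/gmail.modify",    # read plus label/trash changes
    "https://www.googleapis.com/auth/gmail.readonly",  # read-only, but includes bodies
}


def check_scopes(requested):
    """Return the requested scopes that grant more than header-level access."""
    return sorted(s for s in requested if s in OVERBROAD_SCOPES)


def build_query(days=14, folders=("inbox", "sent"),
                subject_terms=("application", "interview")):
    """Compose a narrow search: chosen folders, subject keywords, recent only."""
    if days <= 0:
        raise ValueError("days must be positive")
    folder_part = " OR ".join(f"in:{f}" for f in folders)
    subject_part = " OR ".join(f"subject:{t}" for t in subject_terms)
    return f"({folder_part}) ({subject_part}) newer_than:{days}d"


def _header(msg, name):
    """Case-insensitive header lookup on a Gmail API message dict."""
    for h in msg.get("payload", {}).get("headers", []):
        if h["name"].lower() == name.lower():
            return h["value"]
    return ""


def summarize_replies(messages):
    """Reduce metadata-format messages to the fields the task needs.

    Raises if any message carries body data, which means the caller fetched
    with format=full instead of format=metadata.
    """
    rows = []
    for msg in messages:
        payload = msg.get("payload", {})
        if payload.get("body", {}).get("data") or payload.get("parts"):
            raise ValueError(
                f"message {msg['id']} contains body content; fetch with format=metadata")
        subject = _header(msg, "Subject")
        is_reply = subject.lower().startswith("re:") or bool(_header(msg, "In-Reply-To"))
        rows.append({
            "id": msg["id"],
            "folder": "sent" if "SENT" in msg.get("labelIds", []) else "inbox",
            "from": _header(msg, "From"),
            "subject": subject,
            "is_reply": is_reply,
        })
    return rows


# Constructed sample responses in the shape of users.messages.get(format="metadata").
SAMPLE_MESSAGES = [
    {"id": "m1", "labelIds": ["INBOX"],
     "payload": {"headers": [
         {"name": "From", "value": "Recruiting <jobs@example.com>"},
         {"name": "Subject", "value": "Re: Application for Security Engineer"},
         {"name": "In-Reply-To", "value": "<abc@example.net>"}]}},
    {"id": "m2", "labelIds": ["SENT"],
     "payload": {"headers": [
         {"name": "From", "value": "me@example.net"},
         {"name": "Subject", "value": "Application for Security Engineer"}]}},
]

if __name__ == "__main__":
    assert not check_scopes([METADATA_SCOPE])
    print(build_query())
    for row in summarize_replies(SAMPLE_MESSAGES):
        print(row)
```

The body check matters because `gmail.readonly` plus `format=full` is the path of least resistance for an agent; pairing the metadata scope with `format=metadata` means the API itself will not return bodies, and the guard catches a misconfigured fetch before any content reaches the model.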

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 95%
Finding
The manifest description uses broad triggers such as "checking replies", "recruiter emails", and "inbox activity", which can match ordinary email-related requests and cause the skill to activate without the user clearly intending Gmail access. Because this skill reads inbox and sent-mail contents, overbroad activation increases the chance of unnecessary exposure of sensitive personal communications.

Missing User Warnings

Medium
Confidence: 98%
Finding
The skill does not prominently warn that it will access and analyze Gmail inbox and sent-mail content, which undermines informed user consent for a privacy-sensitive action. In context, the workflow explicitly searches both inbox and sent mail, so a user may unknowingly permit broader email inspection than expected.

VirusTotal

All 60 of 60 vendors reported this skill as clean. Note that an antivirus verdict covers the packaged files only; it does not speak to the trigger-scope and consent findings above, which concern how the skill behaves once installed.