Foreign Company Background Check

Security checks across malware telemetry and agentic risk

Overview

The skill is a disclosed company due-diligence workflow, but it also directs broad collection and inference of individual contact details that can become a targeting-ready dossier.

Review before installing. This skill is not malware and has no executable code, but it can produce broad contact dossiers about company staff. Use it only for legitimate due diligence, prefer official company-level contact channels, avoid inferred or employee-specific contact details unless you have a lawful reason, and do not use the output for unsolicited outreach, harassment, phishing, or profiling.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (11)

Context-Inappropriate Capability

Medium
Confidence: 97%
Finding
The skill goes beyond ordinary company due diligence by explicitly instructing the agent to infer corporate email naming conventions and use them to help contact additional personnel. That creates a practical targeting and contact-enablement capability, exposing individual-level contact data and enabling unsolicited outreach, phishing, or social engineering against employees.

Context-Inappropriate Capability

Medium
Confidence: 96%
Finding
Mandating aggregation of every contact detail found across all channels broadens data collection beyond what is necessary for a background check. Consolidating phones, emails, social accounts, and key-person profiles into one report materially lowers the effort required for targeting and misuse.

Context-Inappropriate Capability

Medium
Confidence: 95%
Finding
The report template normalizes inclusion of key personnel contact records and inferred email formats, turning the skill output into a structured outreach/targeting list rather than a narrow due-diligence summary. Even if sourced from public pages, aggregating and standardizing this data increases abuse potential.

Vague Triggers

Medium
Confidence: 87%
Finding
The activation description is broad enough to trigger on common phrases such as '了解某公司' or '查一下某公司', which can cause the skill to run in contexts not clearly intended for formal due diligence. Overbroad triggering increases the chance that sensitive collection behavior is invoked unexpectedly and without sufficient user scoping.

Vague Triggers

Medium
Confidence: 85%
Finding
The example triggers include vague requests that do not sufficiently constrain when the skill should activate. In this skill, that matters because activation initiates broad data gathering and contact aggregation, so ambiguity directly increases misuse and overcollection risk.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill explicitly instructs collecting and recording contact information from many sources, including inferred email patterns and individual profiles, without any privacy boundaries, lawful-basis guidance, minimization rules, or user-facing warning. In a background-check skill, this materially increases the risk of doxxing, unauthorized aggregation of personal data, and facilitating targeted phishing or harassment against identified employees or executives.

Ssd 3

Medium
Confidence: 98%
Finding
The overview explicitly directs systematic collection of all discovered contact methods, including individual LinkedIn profiles, and commits to placing them into a report. This is a classic aggregation risk: public fragments become a single high-value targeting dataset when centralized and structured.

Ssd 3

High
Confidence: 99%
Finding
The workflow explicitly says email format inference helps contact other personnel, which is an instruction to derive new contact points for individuals who may not have published them directly. In context, that materially facilitates spear-phishing, impersonation, and other social-engineering attacks.

Ssd 3

High
Confidence: 98%
Finding
Requiring the agent to record every contact detail from every search channel creates a broad natural-language data leakage pattern. The danger is amplified by centralization: official and semi-official identifiers from multiple sources become an actionable dossier for abuse.

Ssd 3

High
Confidence: 98%
Finding
The dedicated section for key personnel contacts and inferred email formats institutionalizes disclosure of individual-level contact information as a normal output artifact. This makes the skill more dangerous than a generic research tool because it standardizes and scales production of targeting-ready records.

Ssd 3

High
Confidence: 97%
Finding
The note requiring all discovered contact details to be recorded without omission reinforces maximal collection and disclosure rather than minimization. In a due-diligence skill, that pushes the output toward comprehensive contact harvesting, increasing privacy and misuse risk.

VirusTotal

63/63 vendors flagged this skill as clean.
