Back to skill

Security audit

Lead Gen Seller

Security checks across malware telemetry and agentic risk

Overview

This is a Markdown-only B2B lead research and outreach-drafting guide with no code execution, credentials, persistence, or automatic sending behavior.

Safe to install for public B2B lead research and outreach drafting. Review all generated lead lists and emails before use, keep claims truthful, use only public or permissioned information, honor opt-outs and do-not-contact requests, and follow applicable privacy and anti-spam rules.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill explicitly instructs users to collect founder names and use them for personalized cold outreach, but it provides no guidance on lawful basis, privacy compliance, consent expectations, or limits on collecting/storing personal data. In a lead-generation context, this increases the risk of privacy violations, unsolicited contact abuse, and noncompliant handling of personal information scraped from public sources.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.