test

Security checks across malware telemetry and agentic risk

Overview

This is a markdown-only email-processing guidance skill with sensitive email handling disclosed and aligned to its purpose.

Install this only if you intend to build or advise on email-processing systems. Before connecting real mailboxes, confirm authorization, use least-privilege email scopes, isolate tenants, redact sensitive data where needed, avoid logging raw message bodies or attachments, and define retention and deletion behavior.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 95% confidence
Finding: The activation text is extremely broad: 'Reference this agent by name or specialty when you need its expertise.' In agent ecosystems, vague activation criteria can cause unintended invocation based on generic email-related mentions, expanding the skill's execution surface and increasing the chance that untrusted content or the wrong workflow triggers this agent unexpectedly.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal