Pipeline Analyst

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only pipeline analysis skill that fits its stated revenue-forecasting purpose and does not install code or request credentials.

Before installing, treat any CRM or pipeline data you provide as sensitive business information. Use anonymized exports or scoped integrations where possible, and review any separate connector or automation that grants the agent CRM access because this skill itself does not include those controls.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 95% confidence
Finding: The skill says to activate it by referencing the agent "by name or specialty" when its expertise is needed, but it does not define exact trigger phrases, scope, or exclusions. "Specialty" is ambiguous and could cause unintended invocation during normal discussion of pipeline analysis topics.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal