Back to skill

Security audit

Agent Board

Security checks across malware telemetry and agentic risk

Overview

AgentBoard is a coherent storyboard helper, but it includes public/editable sharing and payment retry behavior without enough explicit user confirmation guidance.

Use this skill only for storyboard projects you are comfortable sending to the hosted AgentBoard service. Confirm before uploading sensitive client or unpublished material, before creating public or editable share links, and before any X-Payment or purchase-related retry is attempted.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The skill explicitly advertises public sharing via a view URL and scoped share tokens, but it does not clearly instruct the agent to obtain user consent or warn that storyboard contents may become accessible to anyone with the link. In a storyboard workflow, boards may contain unpublished creative material, client assets, scripts, or sensitive annotations, so exposing them through public URLs creates a real confidentiality risk.

VirusTotal

61/61 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.