WenHub

Security checks across malware telemetry and agentic risk

Overview

WenHub is a disclosed, markdown-only governance workflow skill. Its activation conditions are broad and it includes guidance on persistent workspace files, both of which users should review.

Install this only in projects where you want WenHub's persistent multi-agent governance process. Review any optional templates from the referenced website separately before using them, and avoid placing secrets or private data in SOUL.md, AGENTS.md, or .wenhub files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence: 88%
Finding:
The trigger conditions are very broad and map to common collaboration, reporting, knowledge management, and safety scenarios, so the skill may activate in many unrelated contexts. Because this skill governs multi-agent workflow and instructs creating governance files and processes, unintended activation could override or interfere with existing project instructions, causing misrouting of tasks, unnecessary process injection, or policy conflicts.

VirusTotal

62/62 vendors flagged this skill as clean.
