Internal Hub Agent Lab

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed coordination skill for routing reusable work notes into a shared internal hub, with the main caution being broad automatic activation.

Install only if you want agents to use D:\internal-hub as a shared workspace for reusable coordination notes and skills. Because it can be invoked implicitly, keep sensitive or unrelated information out of that hub unless you intentionally want it shared there.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence: 88%
Finding
The skill enables implicit invocation without any visible trigger constraints or narrowing conditions, which can cause the agent to activate this skill in situations broader than intended. Because the skill is designed to route information into a shared internal hub, unintended activation could expose internal notes, handoffs, SOPs, or reusable findings into the wrong workflow or context, increasing the risk of oversharing or policy-boundary drift.

VirusTotal

65/65 vendors flagged this skill as clean.
