Collaborative Agent 1fe479

Security checks across malware telemetry and agentic risk

Overview

This is a low-impact learning/reference skill with no executable code, installs, credential access, persistence, or hidden data flows.

Reasonable to install as a lightweight reference skill. Be aware that its triggers are broad and its source material appears video-derived, so treat it as a learning aid rather than an authoritative technical implementation guide.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 93% confidence
Finding: The trigger condition at line 33 activates on a very generic phrase, which can cause the skill to run in situations far beyond its intended scope. Overly broad triggers increase the chance of accidental invocation, context hijacking, or unexpected behavior when unrelated user requests contain matching text.

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The secondary trigger is also broad and unspecific, making it easy for unrelated conversations to match and invoke the skill unexpectedly. In a collaborative-agent context, this can route user interactions into low-relevance or unintended behavior, which is especially risky because the skill content is a merged aggregation of loosely related sources.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal