Back to skill

Security audit

Agent Orchestrator

Security checks across malware telemetry and agentic risk

Overview

This skill is openly designed to run multi-agent workflows, but it gives autonomous sub-agents broad file, shell, and execution authority without enough built-in limits or approval checkpoints.

Install only if you intentionally want a skill that can coordinate multiple autonomous sub-agents. Before use, set explicit limits for how many agents may run, where they may read and write, whether Bash or file edits require approval, and when generated workspaces may be archived or deleted.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
95% confidence
Finding
The mandatory trigger list is very broad and includes common phrases like 'orchestrate', 'decompose task', and 'delegate tasks', which can cause the skill to activate during ordinary user requests rather than only when explicitly intended. In this skill's context, accidental activation is more dangerous because activation leads to autonomous sub-agent spawning and follow-on file operations, increasing the chance of unintended multi-agent execution.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill instructs the agent to create workspaces, generate SKILL.md files, write instructions and status files, archive agent outputs, and clean up temporary files, but it does not explicitly warn the user that these filesystem changes will occur. This is risky because the skill is an orchestrator: once invoked, it can cause broad, cascading file creation and deletion across multiple sub-agent directories, making accidental or non-transparent side effects more impactful.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.