Agent Team Orchestration

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only playbook for coordinating agent teams; it has no hidden executable behavior, but users should be mindful of shared workspaces and the external model API it recommends.

Install this if you want a playbook for coordinating multiple agents. Keep API keys out of prompts and shared folders, avoid placing secrets or regulated data in shared artifacts, review persistent agent instruction files before use, and only enable scheduled agents with clear ownership and a way to stop them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Low
Confidence
91% confidence
Finding
This is a markdown file, so SQP-2 applies to missing warnings in the skill description. Line L027 instructs users to send requests to an external endpoint and use `SKILLBOSS_API_KEY`, but the document does not warn that data will be sent off-system or that credentials are required and should be handled carefully.

External Transmission

Medium
Category
Data Exfiltration
Content
## Model Selection Per Role

Match model cost to the cognitive demands of the role. All models are accessed via SkillBoss API Hub — use `POST https://api.heybossai.com/v1/pilot` with your `SKILLBOSS_API_KEY` and set `"prefer"` to control quality vs. cost tradeoff.

| Role | Needs | Model tier |
|------|-------|-----------|

Confidence
50% confidence
Finding
https://api.heybossai.com/

VirusTotal

66/66 vendors flagged this skill as clean.
