Team Collaboration Skill

Security checks across malware telemetry and agentic risk

Overview

The skill appears purpose-built for multi-agent collaboration, but it persists user profile and task information and can trigger proactive behavior without clear consent, retention, or disable controls.

Install only if you want a persistent multi-agent memory system. Before using it with real work, require confirmation before saving personal details or decisions, disable unsolicited heartbeat outreach unless desired, review or delete the memory files periodically, and add approval gates for GitHub, skill installation, browser automation, scheduled posting, and public publishing actions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (11)

Missing User Warnings

Severity: Medium (95% confidence)
The skill explicitly describes persistent storage of user-related preferences and decisions in shared memory files, but provides no notice, consent mechanism, retention policy, access control guidance, or minimization limits. In a multi-agent collaboration system, this increases the risk of unnecessary collection, long-term retention, and broad intra-agent exposure of potentially sensitive user information.

Missing User Warnings

Severity: High (99% confidence)
The skill instructs automatic extraction of personal/profile information such as identity, preferences, decisions, and lessons from user statements and stores them persistently without warning or consent. This is especially risky because the extraction is proactive and broad, making it easy to collect sensitive or unexpected data and propagate it across a shared multi-agent memory system.

Vague Triggers

Severity: Medium (87% confidence)
The heartbeat section schedules checks every 30 minutes with no explicit scope limits, trigger ownership, or guardrails on what actions may be taken during those checks. In a multi-agent collaboration skill with persistence, task routing, and reminders, broad periodic triggers can cause autonomous actions to occur outside the user's immediate request, increasing the risk of privacy-invasive monitoring, unwanted reminders, or repeated side effects.

Missing User Warnings

Severity: Medium (93% confidence)
The instruction to send a greeting if the user has been inactive for over 24 hours enables proactive outreach without any visible consent, warning, or opt-in boundary. Because this skill is designed for persistent multi-agent collaboration and tracking user preferences/status, that behavior can become privacy-sensitive and may surprise users by initiating contact based on inactivity monitoring.

Natural-Language Policy Violations

Severity: Medium (95% confidence)
The skill explicitly mandates Chinese-language behavior ('中文搜索用 baidu-search') without checking the user's language preference or obtaining opt-in. This can override user intent, reduce usability for non-Chinese users, and steer queries toward a region-specific provider in ways the user did not request.

Vague Triggers

Severity: Medium (95% confidence)
The trigger phrases are broad, common conversational patterns such as "我叫/我是..." and "我喜欢/讨厌...", so ordinary user dialogue can be persisted without a clear, intentional save action. In a multi-agent collaboration skill with persistence, this creates a real privacy and data-minimization risk because personal details, preferences, and other sensitive context may be extracted and retained unexpectedly.

Missing User Warnings

Severity: High (98% confidence)
The rules explicitly define automatic extraction and storage of personal identity, preferences, and important information into persistent files, but there is no notice, consent flow, or retention warning. Because the skill is designed for persistent multi-agent collaboration, silently storing user-provided personal data materially increases privacy, compliance, and secondary-use risks across agents and sessions.

Vague Triggers

Severity: Medium (87% confidence)
The product-routing keywords include very broad terms such as '分析', '功能', and '有什么建议', which can match many ordinary requests that are not specifically product-related. In a multi-agent collaboration skill, this can cause misrouting of user tasks, leading to inappropriate agent selection, degraded output quality, and possible unintended exposure of context to the wrong role.

Vague Triggers

Severity: Medium (89% confidence)
The R&D routing section uses generic technical terms like '代码', 'API', and '自动化' without defining scope boundaries, so many mixed business or operational requests may be routed to engineering by mistake. In this skill's context, routing errors matter because downstream agents may perform different actions or receive different context, increasing the chance of incorrect execution paths or unnecessary privilege use.

Vague Triggers

Severity: Medium (88% confidence)
The operations keywords include broad items such as '数据', '分析', and '内容', which are common across many domains and can trigger on unrelated requests. In a persistent multi-agent system, this raises the risk of sending user requests to the wrong specialist path, producing misleading responses and potentially sharing information with an unintended agent role.

Missing User Warnings

Severity: Medium (94% confidence)
The workflow explicitly instructs agents to write task results, discoveries, and decisions into persistent memory files, but it does not disclose this persistence to the user or define any consent, minimization, or retention boundaries. In a multi-agent collaboration skill, this can cause unintended storage of sensitive prompts, internal deliberations, or user data across sessions, increasing privacy and data-handling risk.

VirusTotal

66/66 vendors flagged this skill as clean.