Agent Conductor

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent coding-agent orchestrator, but it broadly delegates file edits, script execution, and long-running background work to arbitrary coding agents without enough guardrails.

Install only if you intentionally want a multi-agent coding workflow. Before using it, set local rules requiring explicit approval for file writes and command execution, restrict work to trusted directories, avoid passing secrets or production credentials, cap background jobs, and review all generated changes before accepting them.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The rule 'If it produces file changes → dispatch it' is overly permissive and can cause automatic handoff of nearly any write operation to an external coding agent, including sensitive edits. In this skill context, that increases the chance of unnecessary execution, reduced human review, and propagation of unsafe changes across files or workflows without adequate trust boundaries.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal