Divide Agent

Security checks across malware telemetry and agentic risk

Overview

This instruction-only skill is aligned with decomposing problems, but users should be aware it may browse reference pages and save the output as a wiki document.

Install this for general problem-decomposition work. Before using it with confidential plans, client data, or internal strategy, confirm whether web browsing is allowed and where the generated wiki document and submitted attachment will be stored or shared.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Context-Inappropriate Capability

Medium

Confidence: 94% confidence
Finding: The skill instructs the agent to create a wiki document and submit it as an attachment even though the manifest only describes a generic 'divide agent' task. Unjustified artifact creation/export expands the data-handling surface and can lead to unintended persistence or exfiltration of user-provided content into external systems without clear necessity or user consent.

Natural-Language Policy Violations

Medium

Confidence: 91% confidence
Finding: The skill directs the agent to use specific external Chinese-language links or internet search to resolve uncertainty, without user opt-in or justification tied to locale or trust requirements. This can cause unnecessary outbound browsing, expose user task context to third-party services, and anchor the model to untrusted external content that may be manipulated or irrelevant to the user's environment.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal