Accept Task

Security checks across malware telemetry and agentic risk

Overview

This skill is purpose-built for OpenAnt task acceptance, but it gives the agent authority to accept or apply for work without confirmation.

Install only if you are comfortable with an agent accepting or applying for OpenAnt work through your account. Prefer adding a manual confirmation step before `tasks accept`, `tasks apply`, or downloading attachments, especially when the user request does not explicitly name OpenAnt and the exact task.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 86% confidence
Finding: The skill description includes broad triggers like "take this task," "pick up work," and "volunteer for an assignment," which can overlap with ordinary user requests and cause unintended invocation. Because this skill performs external actions that can commit the user to work, accidental triggering materially increases the risk of unauthorized task acceptance or application.

Missing User Warnings

High

Confidence: 96% confidence
Finding: The skill explicitly directs the agent to execute acceptance/application immediately and then download external files, all without warning or confirmation. These are state-changing, externally visible actions that can bind the user to obligations, consume limited application slots, and retrieve potentially untrusted content, making silent execution dangerous.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal