Manage Teams

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a straightforward OpenAnt team-management helper, with mutating actions disclosed and destructive actions marked for confirmation.

Install this only if you want the agent to operate OpenAnt teams for you. Use explicit prompts for mutating actions, and verify team IDs, user IDs, and any delete or remove-member request before confirming.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence: 79%
Finding
The skill description uses broad, highly generic trigger phrases such as 'manage my team' and 'team members,' which can cause the agent to invoke this skill for ambiguous requests without a clear boundary between read-only and state-changing operations. In a skill that includes joining teams, adding/removing members, and deleting teams, overbroad invocation criteria increase the chance of unintended privileged actions being selected in response to vague user prompts.

VirusTotal

VirusTotal findings are pending for this skill version.
