Team Task Dispatch

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent OpenAnt team-task helper, but it tells agents to change shared task and review state automatically without user confirmation.

Install only if you want an agent to actively manage OpenAnt team tasks. Require explicit confirmation or close supervision before creating subtasks, claiming work, submitting deliverables, approving or rejecting reviews, or submitting the parent task, especially in shared or production workflows.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

High
Confidence: 98%
Finding
The skill documents and encourages state-changing commands such as subtask creation, claiming, submission, review, and parent task submission, but those operations are not present in the manifest's allowed-tools list. This creates a dangerous mismatch between what the model is instructed to do and what the runtime policy actually permits, increasing the chance of policy drift, unsafe fallbacks, or future accidental enablement of destructive actions without proper review.

Intent-Code Divergence

Medium
Confidence: 88%
Finding
The instruction to always append --json is inconsistent with the allowed-tools patterns, which only enumerate a subset of command families and do not clearly reflect the full documented command surface. Such inconsistencies can cause the agent to generate commands it believes are valid and safe while the enforcement layer interprets them differently, weakening predictability and opening room for policy bypass or unsafe operator assumptions.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill explicitly authorizes autonomous claim, submit, create, approve, and reject actions with no confirmation, even though these operations modify shared team workflow state and can affect deliverables, reviews, and task completion. In a multi-user coordination system, incorrect or premature actions can disrupt work allocation, approve bad output, reject valid work, or submit incomplete parent tasks, causing operational and integrity harm.

VirusTotal

VirusTotal findings are pending for this skill version.
